Vulnerability Report

CVE-2026-6379

Title: SQL Injection in WP Photo Album Plus

SQLi

Proof Of Concept

PoC Available for CVE-2026-6379

CWE Category NVD-CWE-noinfo

Published Date May 18, 2026

Modified Date May 18, 2026

Exploit Status Available

Score 8.6 CVSS v

Exploit Probability (EPSS)

0.33%

Vulnerability Summary

CVE-2026-6379: The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly sanitize and escape a parameter before using it in a SQL query, allowing unauthenticated users to perform SQL injection attacks.

Impacted Vendors

Analysis in Progress...

Reference Links

https://wpscan.com/vulnerability/60b88fd2-4048-4773-b319-63caaf5bd8eb/

CVSS v3.1

Source Entity 134c704f-9b21-4f2e-91b3-4a467353bcc0

Severity HIGH

8.6

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

CHANGED

RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2026-6379 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/dinosn/cve-2026-6379

View Code

May 18, 2026 MODIFIED

Vulnerability data updated via NVD.

May 18, 2026 MODIFIED

Vulnerability data updated via NVD.

May 18, 2026 MODIFIED

Vulnerability data updated via NVD.

Attack Vector Matrix

Access Vector NETWORK

Complexity LOW

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Affected Stack

No specific products linked.