[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1PukCoNmc1Z4N9E1UhodfV_YUWEdR6_bvBN0fSPGTWQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":264,"crawl_stats":38,"alternatives":270,"analysis":370,"fingerprints":1033},"wp-photo-album-plus","WP Photo Album Plus","9.1.09.005","Jacob N. Breetvelt","https:\u002F\u002Fprofiles.wordpress.org\u002Fopajaap\u002F","\u003Cp>This plugin is more than just a photo album plugin, it is a complete, highly customizable multimedia content management and display system.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Any number of albums that contain any type of multimedia file as well as sub albums.\u003C\u002Fli>\n\u003Cli>Full control over the display sizes, responsive as well as static.\u003C\u002Fli>\n\u003Cli>Full control over links from any type of image.\u003C\u002Fli>\n\u003Cli>Full control over metadata: exif, iptc can be used by keywords in item descriptions.\u003C\u002Fli>\n\u003Cli>Up to 10 custom defined meta data fields, for albums and for media items.\u003C\u002Fli>\n\u003Cli>Front-end uploads.\u003C\u002Fli>\n\u003Cli>Bulk imports.\u003C\u002Fli>\n\u003Cli>Built-in lightbox overlay system.\u003C\u002Fli>\n\u003Cli>Built-in Google Maps to display maps based on the photo gpx exif data.\u003C\u002Fli>\n\u003Cli>Built-in search functions on a.o. keywords and tags.\u003C\u002Fli>\n\u003Cli>A customizable rating system.\u003C\u002Fli>\n\u003Cli>Commenting system.\u003C\u002Fli>\n\u003Cli>Moderate user uploads and comments.\u003C\u002Fli>\n\u003Cli>Configurable email notification system.\u003C\u002Fli>\n\u003Cli>20 widgets a.o. upload, slideshow, photo of the day, top rated and commented items and many more.\u003C\u002Fli>\n\u003Cli>Supports Cloudinary cloud storage service.\u003C\u002Fli>\n\u003Cli>Supports Fotomoto print service.\u003C\u002Fli>\n\u003Cli>Required maintenace is fully executed by background processes (cron jobs).\u003C\u002Fli>\n\u003Cli>Extended error\u002Fevent logging system.\u003C\u002Fli>\n\u003Cli>Extended documentation site: https:\u002F\u002Fwppa.nl\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Plugin Admin Features:\u003C\u002Fp>\n\u003Cp>You can find the plugin admin section under Menu Photo Albums on the admin screen.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Albums: Create and manage Albums.\u003C\u002Fli>\n\u003Cli>Upload: To upload photos to an album you created.\u003C\u002Fli>\n\u003Cli>Import: To bulk import items to an album that are previously been ftp’d.\u003C\u002Fli>\n\u003Cli>Moderate: Change status of pending\u003C\u002Fli>\n\u003Cli>Export: To export albums\u003C\u002Fli>\n\u003Cli>Settings: To control the various settings to customize your needs.\u003C\u002Fli>\n\u003Cli>photo of the day widget settings\u003C\u002Fli>\n\u003Cli>Help & Info: Credits and link to the documentation site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Translations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Dutch translation by OpaJaap himself (\u003Ca href=\"http:\u002F\u002Fwww.opajaap.nl\" rel=\"nofollow ugc\">Opa Jaap’s Weblog\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Slovak translation by Branco Radenovich (\u003Ca href=\"http:\u002F\u002Fwebhostinggeeks.com\u002Fuser-reviews\u002F\" rel=\"nofollow ugc\">WebHostingGeeks.com\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Polish translation by Maciej Matysiak\u003C\u002Fli>\n\u003Cli>Ukranian translation by Michael Yunat (\u003Ca href=\"http:\u002F\u002Fgetvoip.com\u002Fblog\" rel=\"nofollow ugc\">http:\u002F\u002Fgetvoip.com\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Italian translation by Giacomo Mazzullo (\u003Ca href=\"http:\u002F\u002Fgidibao.net\" rel=\"nofollow ugc\">http:\u002F\u002Fgidibao.net\u003C\u002Fa> & \u003Ca href=\"http:\u002F\u002Fcharmingpress.com\" rel=\"nofollow ugc\">http:\u002F\u002Fcharmingpress.com\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>German translation by Stefan Eggers\u003C\u002Fli>\n\u003Cli>Portuguese translation by Eric Sornoso (\u003Ca href=\"https:\u002F\u002FMealfan.com\" rel=\"nofollow ugc\">https:\u002F\u002FMealfan.com\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>When you leave a comment on a photo or other media item on this site, we send your name, email address, IP address and comment text to the server.\u003C\u002Fli>\n\u003Cli>When you enter a rating on a photo or other media item on this site, we send your (login)name or IP address and your rating to the server.\u003C\u002Fli>\n\u003Cli>When you upload a photo or other media item on this site, we send your name to the server.\u003C\u002Fli>\n\u003Cli>If the photo contains EXIF or IPTC data, this data may – dependant of the configuration – be saved on the server.\u003C\u002Fli>\n\u003Cli>If the photo contains GPX location data, this data will be saved on the server.\u003C\u002Fli>\n\u003Cli>If visit the site, the pages you visit, the photos you watch and your IP address will be saved on the server for statistical purposes in your session information. This information will be anonimized after one hour and removed after 24 hours.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>About and Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WP Photo Album Plus is extended with many new features and is maintained by J.N. Breetvelt, ( http:\u002F\u002Fwww.opajaap.nl\u002F ) a.k.a. OpaJaap\u003C\u002Fli>\n\u003Cli>Thanx to R.J. Kaplan for WP Photo Album 1.5.1, the basis of this plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Licence\u003C\u002Fh3>\n\u003Cp>WP Photo Album is released under the GNU GPL licence. ( http:\u002F\u002Fwww.gnu.org\u002Fcopyleft\u002Fgpl.html )\u003C\u002Fp>\n","This plugin is more than just a photo album plugin, it is a complete, highly customizable multimedia cms and display system.",10000,3387564,94,199,"2026-03-14T10:27:00.000Z","6.9.4","6.6","5.5",[20,21,22,23,24],"audio","lightbox","pdf","photo","video","https:\u002F\u002Fwppa.nl\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-photo-album-plus.9.1.09.005.zip",76,18,0,"2026-01-06 16:37:04","2026-03-15T15:16:48.613Z",[33,49,64,78,91,105,117,130,146,160,175,183,192,206,217,228,239,250],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-14835","wp-photo-album-plus-reflected-cross-site-scripting","WP Photo Album Plus \u003C= 9.1.05.008 - Reflected Cross-Site Scripting","The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 9.1.05.008 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=9.1.05.008","9.1.05.009","high",7.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:L","Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)","2026-01-07 05:25:55",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0903521d-3b07-4539-97c9-15e6bbe2cc2e?source=api-prod",1,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":56,"cvss_score":57,"cvss_vector":58,"vuln_type":59,"published_date":60,"updated_date":61,"references":62,"days_to_patch":48},"CVE-2025-8726","wp-photo-album-plus-authenticated-subscriber-stored-cross-site-scripting-via-wppauserupload","WP Photo Album Plus \u003C= 9.0.11.006 - Authenticated (Subscriber+) Stored Cross-Site Scripting via wppa_user_upload","The WP Photo Album Plus plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 9.0.11.006 due to insufficient input sanitization and output escaping in the wppa_user_upload function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in the photo album descriptions that execute in a victim's browser.","\u003C=9.0.11.006","9.0.11.007","medium",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-10-03 14:09:22","2025-10-04 02:24:35",[63],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F575b11a3-9fa4-4ee0-8f19-7d53e6c1785f?source=api-prod",{"id":65,"url_slug":66,"title":67,"description":68,"plugin_slug":4,"theme_slug":38,"affected_versions":69,"patched_in_version":70,"severity":41,"cvss_score":71,"cvss_vector":72,"vuln_type":73,"published_date":74,"updated_date":75,"references":76,"days_to_patch":48},"CVE-2024-10958","wp-photo-album-plus-unauthenticated-arbitrary-shortcode-execution-via-getshortcodedrenderedfenodelay","WP Photo Album Plus \u003C= 8.8.08.007 - Unauthenticated Arbitrary Shortcode Execution via getshortcodedrenderedfenodelay","The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","\u003C=8.8.08.007","8.9.01.001",7.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:L","Improper Control of Generation of Code ('Code Injection')","2024-11-10 00:18:49","2024-11-10 12:30:34",[77],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F53bb0871-343a-4299-9902-682c422152d1?source=api-prod",{"id":79,"url_slug":80,"title":81,"description":82,"plugin_slug":4,"theme_slug":38,"affected_versions":83,"patched_in_version":84,"severity":56,"cvss_score":85,"cvss_vector":86,"vuln_type":59,"published_date":87,"updated_date":88,"references":89,"days_to_patch":48},"CVE-2024-9951","wordpress-photo-album-plus-reflected-cross-site-scripting","Wordpress Photo Album Plus \u003C= 8.8.05.003 - Reflected Cross-Site Scripting","The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=8.8.05.003","8.8.07.004",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-10-16 00:00:00","2024-10-17 07:34:44",[90],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3a4f0c06-db88-4950-b1f5-b2aab480c974?source=api-prod",{"id":92,"url_slug":93,"title":94,"description":95,"plugin_slug":4,"theme_slug":38,"affected_versions":96,"patched_in_version":97,"severity":56,"cvss_score":98,"cvss_vector":99,"vuln_type":59,"published_date":100,"updated_date":101,"references":102,"days_to_patch":104},"CVE-2024-38713","wp-photo-album-plus-authenticated-subscriber-stored-cross-site-scripting","WP Photo Album Plus \u003C= 8.8.02.002 - Authenticated (Subscriber+) Stored Cross-Site Scripting","The WP Photo Album Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 8.8.02.002 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=8.8.02.002","8.8.02.003",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-07-11 00:00:00","2024-07-17 13:35:52",[103],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7446bf86-81fa-4f89-8773-44b993ae2f7c?source=api-prod",7,{"id":106,"url_slug":107,"title":108,"description":109,"plugin_slug":4,"theme_slug":38,"affected_versions":110,"patched_in_version":111,"severity":56,"cvss_score":85,"cvss_vector":86,"vuln_type":59,"published_date":112,"updated_date":113,"references":114,"days_to_patch":116},"CVE-2024-37416","wp-photo-album-plus-reflected-cross-site-scripting-2","WP Photo Album Plus \u003C= 8.8.00.002 - Reflected Cross-Site Scripting","The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 8.8.00.002 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=8.8.00.002","8.8.00.003","2024-06-28 00:00:00","2024-07-02 16:12:14",[115],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F35f9f778-b056-4188-b34f-3c45b91a0138?source=api-prod",5,{"id":118,"url_slug":119,"title":120,"description":121,"plugin_slug":4,"theme_slug":38,"affected_versions":122,"patched_in_version":123,"severity":56,"cvss_score":124,"cvss_vector":125,"vuln_type":73,"published_date":126,"updated_date":127,"references":128,"days_to_patch":48},"CVE-2024-4037","wp-photo-album-plus-unauthenticated-arbitrary-shortcode-execution","WP Photo Album Plus \u003C= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution","The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","\u003C=8.7.00.003","8.7.00.004",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N","2024-05-23 20:04:58","2024-05-24 08:30:31",[129],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3d6b95ee-0a0d-49f7-83b1-4716eec3b863?source=api-prod",{"id":131,"url_slug":132,"title":133,"description":134,"plugin_slug":4,"theme_slug":38,"affected_versions":135,"patched_in_version":136,"severity":137,"cvss_score":138,"cvss_vector":139,"vuln_type":140,"published_date":141,"updated_date":142,"references":143,"days_to_patch":145},"CVE-2024-31377","wp-photo-album-plus-unauthenticated-arbitrary-file-upload","WP Photo Album Plus \u003C= 8.7.01.001 - Unauthenticated Arbitrary File Upload","The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the import functionality and no capability check in all versions up to, and including, 8.7.01.001. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","\u003C=8.7.01.001","8.7.01.002","critical",10,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2024-05-07 00:00:00","2024-05-16 11:13:19",[144],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcfbc7f74-89c6-4418-9e1e-12650e179912?source=api-prod",9,{"id":147,"url_slug":148,"title":149,"description":150,"plugin_slug":4,"theme_slug":38,"affected_versions":151,"patched_in_version":152,"severity":137,"cvss_score":153,"cvss_vector":154,"vuln_type":140,"published_date":155,"updated_date":156,"references":157,"days_to_patch":159},"CVE-2024-31286","wp-photo-album-plus-authenticated-subscriber-arbitrary-file-upload","WP Photo Album Plus \u003C= 8.6.03.004 - Authenticated (Subscriber+) Arbitrary File Upload","The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wppa_user_upload() function in all versions up to, and including, 8.6.03.004. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","\u003C=8.6.03.004","8.6.03.005",9.9,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:H\u002FI:H\u002FA:H","2024-04-05 00:00:00","2024-04-10 20:20:24",[158],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F80f7e161-b071-4cb1-8080-ff0ad926a5ca?source=api-prod",6,{"id":161,"url_slug":162,"title":163,"description":164,"plugin_slug":4,"theme_slug":38,"affected_versions":165,"patched_in_version":166,"severity":56,"cvss_score":167,"cvss_vector":168,"vuln_type":169,"published_date":170,"updated_date":171,"references":172,"days_to_patch":174},"CVE-2023-49774","wp-photo-album-plus-ip-spoofing","WP Photo Album Plus \u003C= 8.5.02.005 - IP Spoofing","The WP Photo Album Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 8.5.02.005. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply a header that allows their IP address to appear from a different location.","\u003C=8.5.02.005","8.6.01.005",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Use of Less Trusted Source","2023-12-05 00:00:00","2024-02-05 17:31:47",[173],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F017fe804-a1a5-4f8d-a531-e928d668dbc4?source=api-prod",63,{"id":176,"url_slug":177,"title":178,"description":179,"plugin_slug":4,"theme_slug":38,"affected_versions":165,"patched_in_version":166,"severity":56,"cvss_score":85,"cvss_vector":86,"vuln_type":59,"published_date":170,"updated_date":180,"references":181,"days_to_patch":174},"CVE-2023-49813","wp-photo-album-plus-cross-site-scripting-2","WP Photo Album Plus \u003C= 8.5.02.005 -  Cross-Site Scripting","The WP Photo Album Plus plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 8.5.02.005 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","2024-02-05 17:31:46",[182],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5486d50c-8544-4368-b58b-66024a8ae86d?source=api-prod",{"id":184,"url_slug":185,"title":186,"description":187,"plugin_slug":4,"theme_slug":38,"affected_versions":165,"patched_in_version":166,"severity":56,"cvss_score":167,"cvss_vector":168,"vuln_type":188,"published_date":170,"updated_date":189,"references":190,"days_to_patch":174},"CVE-2023-49812","wp-photo-album-plus-insecure-direct-object-reference","WP Photo Album Plus \u003C= 8.5.02.005 - Insecure Direct Object Reference","The WP Photo Album Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 8.5.02.005 due to missing validation on a user controlled key. This makes it possible for unauthenticated attacker to perform an unauthorized action base don a user controlled key.","Authorization Bypass Through User-Controlled Key","2024-02-05 17:31:56",[191],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F72f3925d-6b3a-43bf-bfd1-fef7e71d5e43?source=api-prod",{"id":193,"url_slug":194,"title":195,"description":196,"plugin_slug":4,"theme_slug":38,"affected_versions":197,"patched_in_version":198,"severity":41,"cvss_score":199,"cvss_vector":200,"vuln_type":59,"published_date":201,"updated_date":202,"references":203,"days_to_patch":205},"CVE-2021-25115","wp-photo-album-plus-stored-cross-site-scripting","WP Photo Album Plus \u003C= 8.0.10 - Stored Cross-Site Scripting","The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel.","\u003C8.0.10","8.1.00",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2022-01-02 00:00:00","2024-01-22 19:56:02",[204],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb0c01e62-7a31-49de-851c-f52ce578bd95?source=api-prod",751,{"id":207,"url_slug":208,"title":209,"description":210,"plugin_slug":4,"theme_slug":38,"affected_versions":211,"patched_in_version":212,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":59,"published_date":213,"updated_date":202,"references":214,"days_to_patch":216},"CVE-2015-3647","wp-photo-album-plus-cross-site-scripting-3","WP Photo Album Plus \u003C 6.1.3 - Cross-Site Scripting","Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action.","\u003C6.1.3","6.1.3","2015-05-20 00:00:00",[215],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F97f6e03b-19ac-450b-9895-45f7d5328907?source=api-prod",3170,{"id":218,"url_slug":219,"title":220,"description":221,"plugin_slug":4,"theme_slug":38,"affected_versions":222,"patched_in_version":223,"severity":56,"cvss_score":85,"cvss_vector":86,"vuln_type":59,"published_date":224,"updated_date":202,"references":225,"days_to_patch":227},"CVE-2014-8814","wp-photo-album-plus-reflected-cross-site-scripting-3","WP Photo Album Plus \u003C= 5.4.17 - Reflected Cross-Site Scripting","The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘walbum’ parameter in versions up to, and including, 5.4.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=5.4.17","5.4.18","2014-11-06 00:00:00",[226],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4d5a7f60-0850-4322-a7d8-8e5c144efe51?source=api-prod",3365,{"id":229,"url_slug":230,"title":231,"description":232,"plugin_slug":4,"theme_slug":38,"affected_versions":233,"patched_in_version":234,"severity":56,"cvss_score":98,"cvss_vector":99,"vuln_type":59,"published_date":235,"updated_date":202,"references":236,"days_to_patch":238},"WF-fdbb60e5-4d67-4deb-94e0-788c1fb0e42f-wp-photo-album-plus","wp-photo-album-plus-stored-cross-site-scripting-2","WP Photo Album Plus \u003C= 5.4.7 - Stored Cross-Site Scripting","The WP Photo Album Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'zip' parameter in versions up to, and including, 5.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=5.4.7","5.4.8","2014-09-17 00:00:00",[237],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ffdbb60e5-4d67-4deb-94e0-788c1fb0e42f?source=api-prod",3415,{"id":240,"url_slug":241,"title":242,"description":243,"plugin_slug":4,"theme_slug":38,"affected_versions":244,"patched_in_version":245,"severity":56,"cvss_score":85,"cvss_vector":86,"vuln_type":59,"published_date":246,"updated_date":202,"references":247,"days_to_patch":249},"CVE-2013-3254","wp-photo-album-plus-cross-site-scripting","WP Photo Album Plus \u003C 5.0.3 - Cross-Site Scripting","Cross-site scripting (XSS) vulnerability in wp-admin\u002Fadmin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action.","\u003C5.0.3","5.0.3","2013-05-06 00:00:00",[248],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4bd90ca2-85ae-42e3-b2a0-fae6ec28d6b3?source=api-prod",3914,{"id":251,"url_slug":252,"title":253,"description":254,"plugin_slug":4,"theme_slug":38,"affected_versions":255,"patched_in_version":256,"severity":137,"cvss_score":257,"cvss_vector":258,"vuln_type":259,"published_date":260,"updated_date":202,"references":261,"days_to_patch":263},"CVE-2008-0939","wp-photo-album-plus-sql-injection","WP Photo Album Plus \u003C= 1.1 - SQL Injection","Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information.","\u003C=1.0","1.1",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2008-02-25 00:00:00",[262],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcb102a58-2fc0-4441-8f51-a6109e323878?source=api-prod",5811,{"slug":265,"display_name":7,"profile_url":8,"plugin_count":159,"total_installs":266,"avg_security_score":267,"avg_patch_time_days":268,"trust_score":27,"computed_at":269},"opajaap",10340,96,1147,"2026-04-04T14:45:38.166Z",[271,293,316,332,351],{"slug":272,"name":273,"version":274,"author":275,"author_profile":276,"description":277,"short_description":278,"active_installs":279,"downloaded":280,"rating":267,"num_ratings":281,"last_updated":282,"tested_up_to":16,"requires_at_least":17,"requires_php":283,"tags":284,"homepage":289,"download_link":290,"security_score":291,"vuln_count":104,"unpatched_count":29,"last_vuln_date":292,"fetched_at":31},"simply-gallery-block","Mixed Media Gallery Blocks","3.3.2.3","GalleryCreator","https:\u002F\u002Fprofiles.wordpress.org\u002Fgallerycreator\u002F","\u003Ch4>Blocks\u003C\u002Fh4>\n\u003Cp>SimpLy Gallery Blocks is a friendly, easy-to-use gallery plugin with advanced options for creating responsive image, video, and audio galleries in multiple layouts, including Slider \u002F Carousel, Masonry, Justified, Grid, and more.\u003C\u002Fp>\n\u003Ch4>Albums\u003C\u002Fh4>\n\u003Cp>Combine multiple galleries into a single album with a dedicated splash page. Albums work as gallery collections, allowing you to group related galleries under one entry point.\u003C\u002Fp>\n\u003Cp>Each gallery inside an album is loaded dynamically via AJAX and opened in a modal view, so visitors can browse galleries directly from the album splash page without reloading the page, keeping navigation fast and seamless.\u003C\u002Fp>\n\u003Ch4>Lightbox Plugin\u003C\u002Fh4>\n\u003Cp>SimpLy Lightbox Plugin easily displays all linked images from a post or page in highly customizable lightbox. Compatible with native WordPress gallery (Block or Classic Editor). Each Post or Page can have a unique lightbox setting.\u003C\u002Fp>\n\u003Ch3>Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002F\" rel=\"nofollow ugc\">Masonry, Justified, Grid, Slider, Viewer Gallery Blocks – Live DEMO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002Falbum-navigator\u002F\" rel=\"nofollow ugc\">Album Navigator Block – Live DEMO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002Falbum-beginning\u002F\" rel=\"nofollow ugc\">Albums Block – Live DEMO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002Fsimply-viewer\u002F\" rel=\"nofollow ugc\">Viewer Gallery Block – Live DEMO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002Fshowcase-gallery-block\u002F\" rel=\"nofollow ugc\">Premium Showcase Gallery Block – Live DEMO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002Fdiamond\u002F\" rel=\"nofollow ugc\">Premium Diamond Gallery Block – Live DEMO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002Fhorizon-premium-gallery-block\u002F\" rel=\"nofollow ugc\">Premium Horizon Gallery Block – Live DEMO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002Fsplit-carousel\u002F\" rel=\"nofollow ugc\">Premium Split Carousel Block – Live DEMO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002Ftagsbox-covers-gallery\u002F\" rel=\"nofollow ugc\">Premium TagsBox Block – Live DEMO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002Fportfolio-premium-block\u002F\" rel=\"nofollow ugc\">Premium Portfolio Block – Live DEMO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002Fgrid-tags-filter\u002F\" rel=\"nofollow ugc\">Tags Filter – Live DEMO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002Fsimply-slider-carousel\u002F\" rel=\"nofollow ugc\">SimpLy Slider \u002F Carousel – Live DEMO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002Fportfolio2-youtube-vimeo-mp4\u002F\" rel=\"nofollow ugc\">YouTube and Vimeo Gallery – DEMO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002Fsimply-lightbox\u002F\" rel=\"nofollow ugc\">SimpLy Lightbox and WordPress Native Gallery – DEMO\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Albums\u003C\u002Fli>\n\u003Cli>Build dynamic video galleries by simply adding a \u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002Fyoutube-playlist\u002F\" rel=\"nofollow ugc\">YouTube Playlist\u003C\u002Fa> *PRO\u003C\u002Fli>\n\u003Cli>Build dynamic Vimeo video galleries by simply adding a \u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002Fvimeo-showcase\u002F\" rel=\"nofollow ugc\">Video Showcase \u002F Album, User Uploads, Channel or Category\u003C\u002Fa> *PRO\u003C\u002Fli>\n\u003Cli>Advanced Tags Filter. DeepLinking for tags. Filter without button “All” \u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002Fadvanced-tag-filter\u002F\" rel=\"nofollow ugc\">Demo\u003C\u002Fa> *PLUS\u002FPRO\u003C\u002Fli>\n\u003Cli>WooCommerce Products list, Categories and Tags – \u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002Fwoocommerce-products-gallery\u002F\" rel=\"nofollow ugc\">Dynamic Gallery *PRO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Media Library Assistant.  Att. Cattegory and Att. Tag – Dynamic Gallery *PRO\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002Ffilebird-folders-in-media-library\u002F\" rel=\"nofollow ugc\">FileBird Media Folders – Dynamic Gallery *PRO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsimplygallery.co\u002Ftags-filter\u002F\" rel=\"nofollow ugc\">Tags Filter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Poster generator for a self-hosted video (.mp4). Just select a frame and set it as a featured image for your video.\u003C\u002Fli>\n\u003Cli>Hidden Gallery\u003C\u002Fli>\n\u003Cli>Supports Photo, Video \u003Cem>MP4, YouTube, Vimeo and Audio *MP3 Lightbox is enabled by default\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>HTML5 Browser History support – Deep linking. Disabled by default*\u003C\u002Fli>\n\u003Cli>Lightbox – Mouse wheel navigation and Fading Transition\u003C\u002Fli>\n\u003Cli>Automatic SlideShow support (with CountDown timer)\u003C\u002Fli>\n\u003Cli>Multi-touch gestures support\u003C\u002Fli>\n\u003Cli>Thumbnails support\u003C\u002Fli>\n\u003Cli>Fully Responsive\u003C\u002Fli>\n\u003Cli>Mobile Friendly\u003C\u002Fli>\n\u003Cli>Unlimited colors\u003C\u002Fli>\n\u003Cli>SVG icon\u003C\u002Fli>\n\u003Cli>Physics Based Animations\u003C\u002Fli>\n\u003Cli>FullScreen support\u003C\u002Fli>\n\u003Cli>Browser features control (scrollbar, mousewheel, right click prevention)\u003C\u002Fli>\n\u003Cli>Inactive State detection\u003C\u002Fli>\n\u003Cli>Smart Resizing\u003C\u002Fli>\n\u003Cli>HTML Caption (Attachment Caption or Alternative Text)\u003C\u002Fli>\n\u003Cli>Keyboard and mouse wheel support (navigate and zoom)\u003C\u002Fli>\n\u003Cli>Social Sharing (Facebook, Twitter, Pinterest)\u003C\u002Fli>\n\u003Cli>Smart Loading\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Flexible gallery building\u003C\u002Fh3>\n\u003Cp>Mixed Media Gallery Blocks provides a flexible gallery building experience for images, video, and audio. Add media items to your gallery, adjust display settings, and publish galleries using different layouts depending on your content needs.\u003C\u002Fp>\n\u003Ch3>Transformable gallery layouts\u003C\u002Fh3>\n\u003Cp>Galleries can be transformed between different layouts such as Masonry, Grid, Justified, and fullscreen views. This allows you to reuse the same gallery content while changing its visual presentation without rebuilding it.\u003C\u002Fp>\n\u003Ch3>Responsive by design\u003C\u002Fh3>\n\u003Cp>Gallery layouts are responsive by default and adapt to different screen sizes. Separate styling controls for desktop and mobile help ensure galleries remain usable and visually consistent across devices.\u003C\u002Fp>\n\u003Ch3>Lightbox experience\u003C\u002Fh3>\n\u003Cp>The built-in lightbox supports touch gestures, keyboard navigation, and mouse wheel controls. Users can navigate, zoom, and interact with gallery items on both desktop and mobile devices.\u003C\u002Fp>\n\u003Cp>The lightbox interface is designed to be familiar and intuitive, making it easy for visitors to browse media content without leaving the page.\u003C\u002Fp>\n\u003Ch3>Performance-focused\u003C\u002Fh3>\n\u003Cp>The plugin is designed with performance in mind, using dynamic loading and optimized rendering to keep galleries responsive and pages lightweight.\u003C\u002Fp>\n\u003Ch3>A short demo of SimpLy Gallery Blocks\u003C\u002Fh3>\n\u003Cp>In this video you will see how easily you can create photo gallery using SGB Gutenberg photo gallery block.\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FYEFVCGdTwtM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003Cbr \u002F>\nPlease note that you easily convert block gallery from Masonry to Justified or to Grid or to WordPress image gallery and vice versa.\u003C\u002Fp>\n\u003Ch4>Included Gallery Gutenberg Blocks\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Albums Block\u003C\u002Fli>\n\u003Cli>Slider \u002F Carousel Gallery Block\u003C\u002Fli>\n\u003Cli>Masonry Gallery Block\u003C\u002Fli>\n\u003Cli>Justified Block\u003C\u002Fli>\n\u003Cli>Grid Block\u003C\u002Fli>\n\u003C\u002Ful>\n","Create mixed media galleries with images, HTML5 video, YouTube, Vimeo, and VideoPress — all in one gallery by Simply Gallery.",40000,1073876,114,"2026-03-09T09:10:00.000Z","5.3.8",[285,286,21,287,288],"album","audio-gallery","media-gallery","video-gallery","https:\u002F\u002Fsimplygallery.co\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimply-gallery-block.3.3.2.3.zip",92,"2025-12-12 15:46:53",{"slug":294,"name":295,"version":296,"author":297,"author_profile":298,"description":299,"short_description":300,"active_installs":301,"downloaded":302,"rating":267,"num_ratings":303,"last_updated":304,"tested_up_to":16,"requires_at_least":305,"requires_php":306,"tags":307,"homepage":311,"download_link":312,"security_score":313,"vuln_count":314,"unpatched_count":29,"last_vuln_date":315,"fetched_at":31},"new-album-gallery","Album Gallery","1.7.1","A WP Life","https:\u002F\u002Fprofiles.wordpress.org\u002Fawordpresslife\u002F","\u003Cp>Album Gallery helps you organize and display your photos and videos in attractive album layouts. Whether you’re showcasing travel memories, event photos, or product galleries, this album gallery makes it simple to create organized collections that visitors can browse easily.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Free Version Demo:\u003C\u002Fstrong> \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fawplife.com\u002Fdemo\u002Falbum-gallery-free-wordpress-plugin\u002F\" rel=\"nofollow ugc\">Album Gallery\u003C\u002Fa>\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>Pro Version Demo:\u003C\u002Fstrong> \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fawplife.com\u002Fdemo\u002Falbum-gallery-premium\u002F\" rel=\"nofollow ugc\">Album Gallery Premium\u003C\u002Fa>\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>Where to Buy:\u003C\u002Fstrong> \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fawplife.com\u002Faccount\u002Fsignup\u002Falbum-gallery-premium\u002F\" rel=\"nofollow ugc\">Buy Flickr Album Premium\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FrUB-1FkBW48?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Why Use Album Gallery?\u003C\u002Fh4>\n\u003Cp>Managing multiple images on your website can get messy. Album Gallery solves this by letting you group related photos into albums, similar to how you’d organize a physical photo album. Each album displays as a cover image, and when visitors click on it, they see all the photos inside with a smooth lightbox viewer.\u003C\u002Fp>\n\u003Cp>The album gallery works on all devices – desktops, tablets, and phones. Your albums automatically adjust to fit any screen size, so your photos always look good no matter how visitors access your site.\u003C\u002Fp>\n\u003Ch4>What You Can Create\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Photo Albums\u003C\u002Fstrong> – Group vacation photos, family events, or any image collection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Video Albums\u003C\u002Fstrong> – Organize video content with thumbnail previews\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mixed Media Albums\u003C\u002Fstrong> – Combine photos and videos in the same album\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Portfolio Galleries\u003C\u002Fstrong> – Showcase your work with hover effects\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Free Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Responsive album gallery design\u003C\u002Fli>\n\u003Cli>Flexible column layouts (1-6 columns)\u003C\u002Fli>\n\u003Cli>Lightbox image viewer\u003C\u002Fli>\n\u003Cli>Video support with embedded players\u003C\u002Fli>\n\u003Cli>Multiple hover effects\u003C\u002Fli>\n\u003Cli>Animation effects on load\u003C\u002Fli>\n\u003Cli>Widget support for sidebars\u003C\u002Fli>\n\u003Cli>Title bar customization\u003C\u002Fli>\n\u003Cli>Shortcode for easy embedding\u003C\u002Fli>\n\u003Cli>Works with all themes\u003C\u002Fli>\n\u003Cli>Import and export galleries\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Pro Features\u003C\u002Fh4>\n\u003Cp>Upgrade to Album Gallery Pro for additional capabilities:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Advanced column layout options\u003C\u002Fli>\n\u003Cli>Custom gallery thumbnail sizes\u003C\u002Fli>\n\u003Cli>Extended animation effects library\u003C\u002Fli>\n\u003Cli>More hover effect styles\u003C\u002Fli>\n\u003Cli>Video autoplay settings\u003C\u002Fli>\n\u003Cli>Loop and slideshow settings\u003C\u002Fli>\n\u003Cli>Color picker for full customization\u003C\u002Fli>\n\u003Cli>Custom CSS support\u003C\u002Fli>\n\u003Cli>Priority support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Create a new album from the Album Gallery menu\u003C\u002Fli>\n\u003Cli>Upload your photos or add video URLs\u003C\u002Fli>\n\u003Cli>Configure display settings (columns, effects, lightbox)\u003C\u002Fli>\n\u003Cli>Copy the shortcode and paste it into any page or post\u003C\u002Fli>\n\u003Cli>Your album gallery is live\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>You can also add album galleries to sidebars using the text widget with shortcodes.\u003C\u002Fp>\n","Create stunning photo and video albums with responsive layouts, lightbox display, and customizable hover effects.",4000,165633,27,"2026-03-09T07:02:00.000Z","4.0","",[308,309,21,310,288],"album-gallery","image-gallery","photo-gallery","https:\u002F\u002Fawplife.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnew-album-gallery.1.7.1.zip",97,3,"2025-02-28 00:00:00",{"slug":317,"name":318,"version":319,"author":318,"author_profile":320,"description":321,"short_description":322,"active_installs":138,"downloaded":323,"rating":324,"num_ratings":325,"last_updated":326,"tested_up_to":16,"requires_at_least":327,"requires_php":328,"tags":329,"homepage":306,"download_link":331,"security_score":324,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"folioblocks","FolioBlocks","1.2.2","https:\u002F\u002Fprofiles.wordpress.org\u002Fportfolioblocks\u002F","\u003Cp>FolioBlocks is a modern gallery and portfolio plugin built specifically for the WordPress Block Editor (Gutenberg) and Full Site Editor. Designed for photographers, designers, artists, and creative professionals, FolioBlocks makes it easy to create beautiful, fully responsive image galleries, video galleries, and before-and-after comparison blocks—all without shortcodes or external gallery systems.\u003C\u002Fp>\n\u003Cp>Build professional galleries directly inside Gutenberg using flexible layouts including Grid, Justified, Masonry, Modular, Carousel, and Video Gallery blocks. Every block is performance-focused, mobile-friendly, and optimized for real portfolio use cases. FolioBlocks brings powerful visual tools into the native editor so you can work quickly and maintain full creative control.\u003C\u002Fp>\n\u003Cp>Included blocks:\u003Cbr \u002F>\n* Background Video Block – Add an autoplaying, responsive background video with overlay content on top\u003Cbr \u002F>\n* Before & After Block – Compare two images with an interactive slider\u003Cbr \u002F>\n* Loupe Block – Highlight fine details with an elegant magnifying zoom effect\u003Cbr \u002F>\n* Carousel Gallery Block – Smooth, swipe-friendly horizontal image slider\u003Cbr \u002F>\n* Filmstrip Gallery Block – Scroll through large images with thumbnail navigation below\u003Cbr \u002F>\n* Grid Gallery Block – Classic evenly-spaced grid layout\u003Cbr \u002F>\n* Image Block – Display a single image with lightbox, hover overlay, optional downloads, and WooCommerce linking\u003Cbr \u002F>\n* Justified Gallery Block – Professional row-based gallery with balanced heights\u003Cbr \u002F>\n* Masonry Gallery Block – Pinterest-style vertical gallery layout\u003Cbr \u002F>\n* Modular Gallery Block (Pro Only) – Build custom, magazine-style image layouts\u003Cbr \u002F>\n* Video Block – Display a single video with custom thumbnail, lightbox playback, captions, and optional WooCommerce linking\u003Cbr \u002F>\n* Video Gallery Block – Showcase YouTube, Vimeo, or self-hosted videos\u003C\u002Fp>\n\u003Cp>Gallery Features – All gallery blocks include:\u003Cbr \u002F>\n* Fully responsive layouts for desktop, tablet, and mobile\u003Cbr \u002F>\n* Built-in Lightbox\u003Cbr \u002F>\n* Caption support and accessibility-friendly interactions\u003Cbr \u002F>\n* Drag-and-drop image ordering\u003Cbr \u002F>\n* 100% native Gutenberg block editing (no shortcodes, no separate gallery manager)\u003Cbr \u002F>\n* Block Transforms covert galleires in one click (Grid, Justified, or Masonry and Carousel or Filmstrip)\u003C\u002Fp>\n\u003Cp>Advanced Features (Pro) – Unlock advanced tools designed for photography websites, creative portfolios, and WooCommerce-powered shops:\u003Cbr \u002F>\n* Block Transforms convert galleries in one click\u003Cbr \u002F>\n* Gallery Image Filtering\u003Cbr \u002F>\n* WooCommerce Product Integration\u003Cbr \u002F>\n* Download Full-Resolution Images\u003Cbr \u002F>\n* Randomize Image Order\u003Cbr \u002F>\n* Disable Right-Click \u002F Content Protection\u003Cbr \u002F>\n* Lazy Load Images for faster performance\u003Cbr \u002F>\n* Hover Effects and Image Overlays\u003Cbr \u002F>\n* Advanced Gallery Styling Controls (borders, shadows, radius, etc.)\u003C\u002Fp>\n\u003Cp>Why FolioBlocks?\u003C\u002Fp>\n\u003Cp>FolioBlocks is built for users who want fast, native, block-based galleries without the complexity of third-party gallery builders or shortcode-based plugins. If you want a clean, modern way to display photography, client work, products, portfolios, or case studies—FolioBlocks gives you those tools directly inside the editor.\u003C\u002Fp>\n\u003Ch3>Source Code\u003C\u002Fh3>\n\u003Cp>Public repository:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Ffolioblocks\u002Ffolioblocks\u003C\u002Fp>\n","Create fast, responsive photo and video galleries with grid, masonry, justified, modular, and carousel layouts—ideal for photographers and creatives.",960,100,4,"2026-03-11T08:08:00.000Z","6.3","7.4",[330,309,21,310,288],"gallery","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffolioblocks.1.2.2.zip",{"slug":333,"name":334,"version":335,"author":336,"author_profile":337,"description":338,"short_description":339,"active_installs":138,"downloaded":340,"rating":29,"num_ratings":29,"last_updated":341,"tested_up_to":342,"requires_at_least":343,"requires_php":306,"tags":344,"homepage":348,"download_link":349,"security_score":350,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"live-editor-file-manager","Live Editor File Manager","0.5.7","Live Editor","https:\u002F\u002Fprofiles.wordpress.org\u002Fliveeditor\u002F","\u003Cp>Upload, embed, and link to your files hosted on Live Editor directly in your WordPress site.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>HTML5 video and audio media encoding built in.\u003C\u002Fstrong> Your uploaded files are automatically encoded into the formats required for playback on all computers and mobile devices.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reliable cloud hosting.\u003C\u002Fstrong> All uploaded files are stored on and served from Amazon S3.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Better organization and retrieval.\u003C\u002Fstrong> Organize your files into collections. Add basic metadata. Use our powerful built-in search engine to find what you’re looking for.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatically track your usage of files\u003C\u002Fstrong> when you add them to a post or page in WordPress. Then you’ll know the full impact of uploading a new version or deleting the file later.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track sources and derivatives\u003C\u002Fstrong> for each file.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Link up YouTube and Vimeo videos\u003C\u002Fstrong> to their source video files for easier retrieval and editing later.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Seamless integration with WordPress.\u003C\u002Fstrong> We’ve taken great care to build this WordPress plugin with the same visual style and functionality that you’d expect from WordPress. You’ll forget that you’re using an external service while you’re authoring your content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> This plugin requires paid subscription to the \u003Ca href=\"http:\u002F\u002Fwww.liveeditorcms.com\u002Ffile-manager?utm_source=WordPress%2BPlugin%2BDirectory&utm_medium=readme&utm_content=v0.5.7&utm_campaign=WordPress%2BPlugin\" rel=\"nofollow ugc\">Live Editor File Manager\u003C\u002Fa> service.\u003C\u002Fp>\n","Better media management for WordPress. Upload, embed, and link to your files hosted on Live Editor directly in your WordPress site.",4939,"2014-04-17T12:59:00.000Z","3.9.40","3.5",[20,345,346,347,24],"files","images","photos","http:\u002F\u002Fwww.liveeditorcms.com\u002Fwordpress?utm_source=WordPress%2BPlugin%2BBrowser&utm_medium=link&utm_content=v0.5.7&utm_term=Plugin%2BHomepage&utm_campaign=WordPress%2BPlugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flive-editor-file-manager.0.5.7.zip",85,{"slug":352,"name":353,"version":354,"author":355,"author_profile":356,"description":357,"short_description":358,"active_installs":29,"downloaded":359,"rating":29,"num_ratings":29,"last_updated":360,"tested_up_to":361,"requires_at_least":362,"requires_php":363,"tags":364,"homepage":368,"download_link":369,"security_score":350,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"video-link-gallery","Video-Link-Gallery","1.0.2","mbergann","https:\u002F\u002Fprofiles.wordpress.org\u002Fmbergann\u002F","\u003Cp>This plugin creates a video-gallery for youtube- or vimeo-videos or direct video-file-links by simply defining the gallery with shortcodes.\u003Cbr \u002F>\nThe Videos will be opened in a lightbox.\u003C\u002Fp>\n\u003Cp>By default the “\u003Ca href=\"https:\u002F\u002Fphotoswipe.com\u002F\" rel=\"nofollow ugc\">PhotoSwipe\u003C\u002Fa>“-Lightbox of Dmitry Semenov is used.\u003Cbr \u002F>\n(at the moment it is the only one)\u003C\u002Fp>\n\u003Cp>This plugin is really simple and clean designed to be easily extendable.\u003Cbr \u002F>\n* there is a “src\u002FVideoProvider”-directory where every Video-Platform (like youtube or vimeo) is defined in an own php-class implementing a class-interface.\u003Cbr \u002F>\n* there is a “src\u002FLightbox”-directory where every lightbox is defined in an own php-class, implementing a class-interface\u003Cbr \u002F>\n* there is a “src\u002FShortcodes”-directory where the “[video-gallery]”-Shortcode is defined – that is where the magic happenes – but there is no need to edit this file.\u003C\u002Fp>\n\u003Ch4>Parameters and video-provider-specific specials\u003C\u002Fh4>\n\u003Cp>All parameters – general parameters and also video-provider-specific parameters are set directly in the [[video-gallery]]-Shortcode.\u003C\u002Fp>\n\u003Ch4>general\u003C\u002Fh4>\n\u003Cp>  parameter\u003Cbr \u002F>\n  description\u003Cbr \u002F>\n  default\u003C\u002Fp>\n\u003Cp>  lightbox\u003Cbr \u002F>\n  name of the lightbox-class that should be used\u003Cbr \u002F>\n  PhotoSwipe\u003C\u002Fp>\n\u003Ch4>Youtube\u003C\u002Fh4>\n\u003Cp>  parameter\u003Cbr \u002F>\n  description\u003Cbr \u002F>\n  default\u003C\u002Fp>\n\u003Cp>  yt_nocookie\u003Cbr \u002F>\n  use youtube-nocookie.com instead of youtube.com in video-links to be GDPR(DSGVO)-save\u003Cbr \u002F>\n  true\u003C\u002Fp>\n\u003Ch4>Vimeo\u003C\u002Fh4>\n\u003Cp>In vimeo the preview-image-URL doesn’t use the video-ID – so you need to make an API-request to get the image-URL.\u003Cbr \u002F>\nIn this API-call we also get the original title of the video.\u003Cbr \u002F>\nFor this reason we need the php CURL extension.\u003Cbr \u002F>\nThe thumbnail will be taken from the API-response.\u003Cbr \u002F>\nWhen no manual video-title is defined, the video-provider-class uses also the original video-title from API-response automaticly.\u003C\u002Fp>\n\u003Ch3>Extending the Plugin\u003C\u002Fh3>\n\u003Cp>You can easily extend the Plugin by writing your own classes for Video-Platforms or other Lightboxes – you just have to implement the Interfaces.\u003C\u002Fp>\n","Video-Gallery defined by shortcodes for youtube, vimeo and direct links, opening videos in a lightbox (default-lightbox: \"PhotoSwipe\")",1023,"2020-02-25T07:58:00.000Z","5.3.21","4.7","7.1",[21,365,288,366,367],"photoswipe","vimeo","youtube","https:\u002F\u002Fwww.coderey.de\u002Fwordpress-plugins\u002Fvideo-link-gallery\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvideo-link-gallery.1.0.2.zip",{"attackSurface":371,"codeSignals":858,"taintFlows":957,"riskAssessment":1016,"analyzedAt":1032},{"hooks":372,"ajaxHandlers":808,"restRoutes":817,"shortcodes":825,"cronEvents":845,"entryPointCount":857,"unprotectedCount":48},[373,378,382,387,390,393,396,399,403,407,410,414,417,420,425,429,432,435,438,441,444,448,452,456,459,464,469,474,477,481,485,489,493,496,500,505,509,513,517,520,523,527,531,534,538,542,546,549,552,556,559,562,565,568,572,575,579,583,587,591,596,600,604,606,609,613,617,621,625,629,634,637,641,645,649,653,658,662,665,668,671,675,678,681,684,688,692,694,696,700,703,707,711,715,719,722,726,730,734,738,741,744,747,749,751,754,756,759,763,767,772,776,780,784,787,790,792,795,798,801,805],{"type":374,"name":375,"callback":376,"priority":48,"file":377,"line":138},"action","admin_footer","wppa_block_js","blocks\\common\\index.php",{"type":374,"name":379,"callback":380,"priority":138,"file":377,"line":381},"admin_init","wppa_block_styles",65,{"type":374,"name":383,"callback":384,"file":385,"line":386},"init","wp_photo_album_plus_general_register_block","blocks\\general\\index.php",28,{"type":374,"name":383,"callback":388,"file":389,"line":386},"wp_photo_album_plus_photo_register_block","blocks\\photo\\index.php",{"type":374,"name":383,"callback":391,"file":392,"line":386},"wp_photo_album_plus_potd_register_block","blocks\\potd\\index.php",{"type":374,"name":383,"callback":394,"file":395,"line":386},"wp_photo_album_plus_slideshow_register_block","blocks\\slideshow\\index.php",{"type":374,"name":383,"callback":397,"file":398,"line":386},"wp_photo_album_plus_upload_register_block","blocks\\upload\\index.php",{"type":374,"name":383,"callback":400,"file":401,"line":402},"wppa_setup","wppa-admin.php",14,{"type":374,"name":404,"callback":405,"file":401,"line":406},"admin_menu","wppa_add_admin",17,{"type":374,"name":379,"callback":408,"file":401,"line":409},"wppa_admin_styles",222,{"type":374,"name":411,"callback":412,"file":401,"line":413},"admin_enqueue_scripts","theme_styles_for_wppa",254,{"type":374,"name":379,"callback":415,"file":401,"line":416},"wppa_admin_scripts",284,{"type":374,"name":379,"callback":418,"priority":48,"file":401,"line":419},"wppa_add_scgens",443,{"type":421,"name":422,"callback":423,"priority":138,"file":401,"line":424},"filter","plugin_row_meta","wppa_donate_link",458,{"type":374,"name":426,"callback":427,"file":401,"line":428},"admin_notices","wppa_verify_multisite_config",461,{"type":374,"name":426,"callback":430,"file":401,"line":431},"wppa_maintenance_messages",464,{"type":374,"name":426,"callback":433,"file":401,"line":434},"wppa_check_config_conflicts",467,{"type":374,"name":379,"callback":436,"file":401,"line":437},"wppa_check_tag_system",470,{"type":374,"name":379,"callback":439,"file":401,"line":440},"wppa_check_cat_system",473,{"type":374,"name":375,"callback":442,"file":401,"line":443},"wppa_load_panorama_js",479,{"type":421,"name":445,"callback":446,"priority":138,"file":401,"line":447},"block_categories_all","wppa_block_categories",503,{"type":374,"name":449,"callback":450,"priority":48,"file":401,"line":451},"save_post","wppa_fix_gutenberg_shortcodes",529,{"type":374,"name":453,"callback":454,"file":401,"line":455},"delete_user","wppa_delete_user",567,{"type":374,"name":426,"callback":457,"file":401,"line":458},"wppa_say_fe_reconfig",571,{"type":374,"name":460,"callback":461,"priority":313,"file":462,"line":463},"admin_bar_menu","wppa_admin_bar_menu","wppa-adminbar.php",12,{"type":374,"name":465,"callback":466,"file":467,"line":468},"widgets_init","wppa_register_AdminsChoice","wppa-admins-choice-widget.php",113,{"type":374,"name":470,"callback":471,"file":472,"line":473},"template_redirect","wppa_ajax_include","wppa-ajax.php",20,{"type":374,"name":383,"callback":475,"file":472,"line":476},"wppa_ajax_rewrite_rule",31,{"type":421,"name":478,"callback":479,"file":472,"line":480},"query_vars","wppa_ajax_query_vars",39,{"type":374,"name":465,"callback":482,"file":483,"line":484},"wppa_register_AlbumNavigatorWidget","wppa-album-navigator-widget.php",390,{"type":374,"name":465,"callback":486,"file":487,"line":488},"wppa_register_AlbumWidget","wppa-album-widget.php",452,{"type":374,"name":465,"callback":490,"file":491,"line":492},"wppa_register_BestOfWidget","wppa-bestof-widget.php",251,{"type":374,"name":383,"callback":494,"file":495,"line":138},"wppa_load_cloudinary","wppa-cloudinary.php",{"type":374,"name":465,"callback":497,"file":498,"line":499},"wppa_register_wppaCommentWidget","wppa-comment-widget.php",202,{"type":374,"name":501,"callback":502,"priority":138,"file":503,"line":504},"wppa_cron_event","wppa_do_maintenance_proc","wppa-cron.php",22,{"type":374,"name":506,"callback":507,"file":503,"line":508},"wppa_cleanup","wppa_do_cleanup",134,{"type":374,"name":510,"callback":511,"file":503,"line":512},"wppa_update_treecounts","wppa_do_update_treecounts",351,{"type":374,"name":514,"callback":515,"file":516,"line":402},"do_meta_boxes","wppa_email_subscription","wppa-dashboard-widgets.php",{"type":374,"name":514,"callback":518,"file":516,"line":519},"wppa_activity",56,{"type":374,"name":514,"callback":521,"file":516,"line":522},"wppa_potdlog",188,{"type":374,"name":465,"callback":524,"file":525,"line":526},"wppa_register_FeaTenWidget","wppa-featen-widget.php",272,{"type":374,"name":383,"callback":528,"file":529,"line":530},"wppa_do_filter","wppa-filter.php",13,{"type":421,"name":532,"callback":533,"file":529,"line":406},"the_content","wppa_add_shortcode_to_post",{"type":374,"name":465,"callback":535,"file":536,"line":537},"wppa_register_WppaGpWidget","wppa-gp-widget.php",142,{"type":374,"name":383,"callback":539,"file":540,"line":541},"wppa_gutenberg_wppa_block","wppa-gutenberg-wppa.php",24,{"type":374,"name":426,"callback":543,"file":544,"line":545},"wppa_tag_message","wppa-init.php",315,{"type":374,"name":426,"callback":547,"file":544,"line":548},"wppa_cat_message",339,{"type":374,"name":426,"callback":550,"file":544,"line":551},"wppa_check_scabn_compatibility",402,{"type":421,"name":553,"callback":554,"file":544,"line":555},"gettext","wppa_translate",543,{"type":421,"name":557,"callback":554,"priority":48,"file":544,"line":558},"widget_title",544,{"type":421,"name":560,"callback":554,"priority":48,"file":544,"line":561},"translate_text",545,{"type":421,"name":553,"callback":563,"file":544,"line":564},"wppa_album_to_gallery",547,{"type":374,"name":383,"callback":566,"file":544,"line":567},"wppa_filter_qtranslate",550,{"type":374,"name":569,"callback":570,"file":544,"line":571},"wp_head","wppa_fix_aioseo",560,{"type":374,"name":573,"callback":570,"file":544,"line":574},"admin_head",561,{"type":421,"name":576,"callback":577,"file":544,"line":578},"upload_mimes","wppa_upload_mimes",570,{"type":374,"name":580,"callback":581,"priority":48,"file":582,"line":530},"plugins_loaded","wppa_redirect","wppa-input.php",{"type":374,"name":465,"callback":584,"file":585,"line":586},"wppa_register_LasTenWidget","wppa-lasten-widget.php",292,{"type":374,"name":375,"callback":588,"file":589,"line":590},"_js_vars","wppa-listtable.php",70,{"type":374,"name":592,"callback":593,"priority":138,"file":594,"line":595},"wppa_do_mailinglist_cron","wppa_do_mailinglist","wppa-mailing.php",25,{"type":374,"name":465,"callback":597,"file":598,"line":599},"wppa_register_MultitagPhotos","wppa-multitag-widget.php",155,{"type":374,"name":601,"callback":602,"file":603,"line":504},"wp_enqueue_scripts","wppa_add_style","wppa-non-admin.php",{"type":374,"name":569,"callback":605,"priority":116,"file":603,"line":381},"wppa_add_metatags",{"type":374,"name":383,"callback":607,"priority":324,"file":603,"line":608},"wppa_load_theme",308,{"type":374,"name":610,"callback":611,"priority":48,"file":603,"line":612},"wp_footer","wppa_fbc_setup",336,{"type":421,"name":614,"callback":615,"priority":138,"file":603,"line":616},"jetpack_photon_skip_image","wppa_skip_photon",371,{"type":421,"name":618,"callback":619,"file":603,"line":620},"widget_text","do_shortcode",379,{"type":421,"name":622,"callback":623,"file":603,"line":624},"bbp_after_get_the_content_parse_args","wppa_enable_visual_editor_in_bbpress",391,{"type":421,"name":626,"callback":627,"file":603,"line":628},"bbp_get_teeny_mce_buttons","wppa_remove_image_button_in_bbpress",403,{"type":421,"name":630,"callback":631,"priority":632,"file":603,"line":633},"bbp_get_topic_content","wppa_enable_shortcodes_in_bbpress",1000,413,{"type":421,"name":635,"callback":631,"priority":632,"file":603,"line":636},"bbp_get_reply_content",414,{"type":421,"name":638,"callback":639,"priority":138,"file":603,"line":640},"autoptimize_filter_js_noptimize","wppa_nopti_js",417,{"type":374,"name":465,"callback":642,"file":643,"line":644},"wppa_register_wppaNotifyWidget","wppa-notify-widget.php",104,{"type":374,"name":646,"callback":646,"priority":138,"file":647,"line":648},"wppa_pdf_to_album","wppa-photo-files.php",1184,{"type":374,"name":465,"callback":650,"file":651,"line":652},"wppa_register_PhotoOfTheDay","wppa-potd-widget.php",271,{"type":421,"name":654,"callback":655,"priority":138,"file":656,"line":657},"wp_privacy_personal_data_exporters","register_wppa_comment_exporter","wppa-privacy-policy.php",71,{"type":421,"name":659,"callback":660,"priority":138,"file":656,"line":661},"wp_privacy_personal_data_erasers","register_wppa_comment_eraser",108,{"type":421,"name":654,"callback":663,"priority":138,"file":656,"line":664},"register_wppa_rating_exporter",176,{"type":421,"name":659,"callback":666,"priority":138,"file":656,"line":667},"register_wppa_rating_eraser",221,{"type":421,"name":654,"callback":669,"priority":138,"file":656,"line":670},"wppa_register_media_exporter",440,{"type":374,"name":672,"callback":673,"priority":138,"file":656,"line":674},"wp_privacy_personal_data_export_file_created","wppa_add_media_to_zip",446,{"type":421,"name":659,"callback":676,"priority":138,"file":656,"line":677},"wppa_register_media_eraser",602,{"type":374,"name":379,"callback":679,"file":656,"line":680},"wppa_add_privacy_policy_content",636,{"type":374,"name":465,"callback":682,"file":683,"line":468},"wppa_register_QRWidget","wppa-qr-widget.php",{"type":374,"name":383,"callback":685,"file":686,"line":687},"wppa_add_javascripts","wppa-scripts.php",306,{"type":374,"name":569,"callback":689,"priority":690,"file":686,"line":691},"wppa_set_jq_loaded",999,508,{"type":374,"name":573,"callback":689,"priority":690,"file":686,"line":693},509,{"type":374,"name":610,"callback":695,"file":686,"line":574},"wppa_print_psjs",{"type":374,"name":465,"callback":697,"file":698,"line":699},"wppa_register_SearchPhotos","wppa-search-widget.php",211,{"type":374,"name":383,"callback":701,"file":702,"line":463},"wppa_init_tab_names","wppa-setting-see-also.php",{"type":374,"name":426,"callback":704,"file":705,"line":706},"closure","wppa-setup.php",381,{"type":374,"name":465,"callback":708,"file":709,"line":710},"wppa_register_SlideshowWidget","wppa-slideshow-widget.php",357,{"type":374,"name":465,"callback":712,"file":713,"line":714},"wppa_stats_register_widget","wppa-stats-widget.php",310,{"type":374,"name":465,"callback":716,"file":717,"line":718},"wppa_register_wppaStereoWidget","wppa-stereo-widget.php",93,{"type":374,"name":383,"callback":720,"file":721,"line":463},"wppa_init_stereo","wppa-stereo.php",{"type":374,"name":465,"callback":723,"file":724,"line":725},"wppa_register_wppaSuperView","wppa-super-view-widget.php",132,{"type":374,"name":465,"callback":727,"file":728,"line":729},"wppa_register_TagcloudPhotos","wppa-tagcloud-widget.php",146,{"type":374,"name":465,"callback":731,"file":732,"line":733},"wppa_register_ThumbnailWidget","wppa-thumbnail-widget.php",270,{"type":374,"name":383,"callback":735,"file":736,"line":737},"wppa_tinymce_photo_action_init_front","wppa-tinymce-photo-front.php",11,{"type":421,"name":739,"callback":740,"priority":737,"file":736,"line":406},"mce_buttons","wppa_filter_mce_photo_button_front",{"type":421,"name":742,"callback":743,"file":736,"line":28},"mce_external_plugins","wppa_filter_mce_photo_plugin_front",{"type":374,"name":379,"callback":745,"file":746,"line":737},"wppa_tinymce_photo_action_init","wppa-tinymce-photo.php",{"type":421,"name":739,"callback":748,"priority":737,"file":746,"line":406},"wppa_filter_mce_photo_button",{"type":421,"name":742,"callback":750,"file":746,"line":28},"wppa_filter_mce_photo_plugin",{"type":374,"name":379,"callback":752,"file":753,"line":138},"wppa_tinymce_gallery_action_init","wppa-tinymce-shortcodes.php",{"type":421,"name":739,"callback":755,"file":753,"line":28},"wppa_filter_mce_gallery_button",{"type":421,"name":742,"callback":757,"file":753,"line":758},"wppa_filter_mce_gallery_plugin",19,{"type":374,"name":465,"callback":760,"file":761,"line":762},"wppa_register_TopTenWidget","wppa-topten-widget.php",619,{"type":374,"name":465,"callback":764,"file":765,"line":766},"wppa_register_UpldrWidget","wppa-upldr-widget.php",303,{"type":421,"name":768,"callback":769,"priority":138,"file":770,"line":771},"wp_read_video_metadata","wppa_fix_wp_read_video_metadata_function","wppa-upload-common.php",507,{"type":374,"name":465,"callback":773,"file":774,"line":775},"wppa_register_WppaUploadWidget","wppa-upload-widget.php",128,{"type":421,"name":777,"callback":704,"file":778,"line":779},"safe_style_css","wppa-wrappers.php",1099,{"type":374,"name":580,"callback":781,"priority":48,"file":782,"line":783},"wppa_init_timer","wppa.php",32,{"type":374,"name":580,"callback":785,"priority":48,"file":782,"line":786},"wppa_get_session_id",48,{"type":374,"name":383,"callback":788,"priority":48,"file":782,"line":789},"wppa_begin_session",156,{"type":374,"name":379,"callback":788,"priority":48,"file":782,"line":791},157,{"type":374,"name":383,"callback":793,"priority":48,"file":782,"line":794},"wppa_init_path_and_url_constants",160,{"type":374,"name":383,"callback":796,"file":782,"line":797},"wppa_init_language",163,{"type":374,"name":383,"callback":799,"priority":463,"file":782,"line":800},"wppa_admin_bar_init",166,{"type":374,"name":802,"callback":803,"file":782,"line":804},"shutdown","wppa_session_end",169,{"type":374,"name":806,"callback":704,"file":782,"line":807},"rest_api_init",172,[809,815],{"action":810,"nopriv":811,"callback":812,"hasNonce":813,"hasCapCheck":813,"file":472,"line":814},"wppa",false,"wppa_ajax_callback",true,42,{"action":810,"nopriv":813,"callback":812,"hasNonce":813,"hasCapCheck":813,"file":472,"line":816},43,[818],{"namespace":4,"route":819,"methods":820,"callback":812,"permissionCallback":823,"file":782,"line":824},"\u002FendPoint\u002F",[821,822],"GET","POST","__return_true",173,[826,831,835,838,842],{"tag":827,"callback":828,"file":829,"line":830},"cart","wppa_add_to_cart","wppa-cart.php",115,{"tag":832,"callback":833,"file":529,"line":834},"wppa_div","wppa_shortcode_div",122,{"tag":810,"callback":836,"file":529,"line":837},"wppa_shortcodes",1041,{"tag":839,"callback":840,"file":529,"line":841},"wppa_set","wppa_set_shortcodes",1080,{"tag":23,"callback":843,"file":529,"line":844},"wppa_photo_shortcodes",1125,[846,848,849,851,853,855],{"hook":501,"callback":501,"file":503,"line":847},62,{"hook":506,"callback":506,"file":503,"line":729},{"hook":506,"callback":506,"file":503,"line":850},150,{"hook":510,"callback":510,"file":503,"line":852},363,{"hook":592,"callback":592,"file":594,"line":854},77,{"hook":646,"callback":646,"file":647,"line":856},1164,8,{"dangerousFunctions":859,"sqlUsage":882,"outputEscaping":885,"fileOperations":159,"externalRequests":314,"nonceChecks":519,"capabilityChecks":952,"bundledLibraries":953},[860,864,867,871,876,879],{"fn":861,"file":472,"line":862,"context":863},"exec",4280,"exec( escapeshellcmd( $value . '\u002Fconvert' ), $out, $err );",{"fn":861,"file":647,"line":865,"context":866},855,"$run  = exec( escapeshellcmd( $path . $command ), $out, $err );",{"fn":861,"file":868,"line":869,"context":870},"wppa-setting-functions.php",660,"exec( escapeshellcmd( $path . '\u002Fconvert -version' ), $out, $err );",{"fn":872,"file":873,"line":874,"context":875},"unserialize","wppa-utils.php",5248,"$result = unserialize( $result );",{"fn":872,"file":778,"line":877,"context":878},663,"return unserialize( $xstring, array( 'allowed_classes' => array( 'wfCart' ) ) );",{"fn":872,"file":778,"line":880,"context":881},666,"return unserialize( $xstring, array( 'allowed_classes' => false ) );",{"prepared":883,"raw":29,"locations":884},437,[],{"escaped":886,"rawEcho":887,"locations":888},895,30,[889,892,894,896,898,900,902,904,906,908,910,912,914,916,918,920,922,924,926,928,930,932,934,936,939,942,944,946,948,950],{"file":472,"line":890,"context":891},445,"raw output",{"file":472,"line":893,"context":891},628,{"file":472,"line":895,"context":891},643,{"file":472,"line":897,"context":891},662,{"file":472,"line":899,"context":891},712,{"file":472,"line":901,"context":891},761,{"file":472,"line":903,"context":891},843,{"file":472,"line":905,"context":891},846,{"file":472,"line":907,"context":891},981,{"file":472,"line":909,"context":891},1024,{"file":472,"line":911,"context":891},1055,{"file":472,"line":913,"context":891},1063,{"file":472,"line":915,"context":891},1101,{"file":472,"line":917,"context":891},1253,{"file":472,"line":919,"context":891},1261,{"file":472,"line":921,"context":891},1302,{"file":472,"line":923,"context":891},1315,{"file":472,"line":925,"context":891},1761,{"file":472,"line":927,"context":891},4473,{"file":472,"line":929,"context":891},4514,{"file":472,"line":931,"context":891},4546,{"file":472,"line":933,"context":891},4557,{"file":472,"line":935,"context":891},4720,{"file":937,"line":938,"context":891},"wppa-album-admin-autosave.php",627,{"file":940,"line":941,"context":891},"wppa-functions.php",4633,{"file":940,"line":943,"context":891},4642,{"file":940,"line":945,"context":891},4665,{"file":940,"line":947,"context":891},4687,{"file":940,"line":949,"context":891},4714,{"file":940,"line":951,"context":891},4849,210,[954],{"name":955,"version":38,"knownCves":956},"TinyMCE",[],[958,995],{"entryPoint":959,"graph":960,"unsanitizedCount":994,"severity":56},"wppa_ajax_callback (wppa-ajax.php:45)",{"nodes":961,"edges":989},[962,967,971,977,981,984],{"id":963,"type":964,"label":965,"file":472,"line":966},"n0","source","$_POST",2235,{"id":968,"type":969,"label":970,"file":472,"line":966},"n1","transform","→ wppa_echo()",{"id":972,"type":973,"label":974,"file":778,"line":975,"wp_function":976},"n2","sink","echo() [XSS]",807,"echo",{"id":978,"type":964,"label":979,"file":472,"line":980},"n3","$_FILES",3674,{"id":982,"type":969,"label":983,"file":472,"line":980},"n4","→ wppa_put_contents()",{"id":985,"type":973,"label":986,"file":778,"line":987,"wp_function":988},"n5","fopen() [File Access]",520,"fopen",[990,991,992,993],{"from":963,"to":968,"sanitized":811},{"from":968,"to":972,"sanitized":811},{"from":978,"to":982,"sanitized":811},{"from":982,"to":985,"sanitized":811},2,{"entryPoint":996,"graph":997,"unsanitizedCount":994,"severity":56},"\u003Cwppa-ajax> (wppa-ajax.php:0)",{"nodes":998,"edges":1010},[999,1001,1002,1003,1004,1005,1006,1008],{"id":963,"type":964,"label":965,"file":472,"line":1000},546,{"id":968,"type":973,"label":974,"file":472,"line":935,"wp_function":976},{"id":972,"type":964,"label":965,"file":472,"line":966},{"id":978,"type":969,"label":970,"file":472,"line":966},{"id":982,"type":973,"label":974,"file":778,"line":975,"wp_function":976},{"id":985,"type":964,"label":979,"file":472,"line":980},{"id":1007,"type":969,"label":983,"file":472,"line":980},"n6",{"id":1009,"type":973,"label":986,"file":778,"line":987,"wp_function":988},"n7",[1011,1012,1013,1014,1015],{"from":963,"to":968,"sanitized":813},{"from":972,"to":978,"sanitized":811},{"from":978,"to":982,"sanitized":811},{"from":985,"to":1007,"sanitized":811},{"from":1007,"to":1009,"sanitized":811},{"summary":1017,"deductions":1018},"The \"wp-photo-album-plus\" v9.1.09.003 plugin exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and a high percentage of properly escaped output, several areas raise concerns.  The static analysis reveals a small but unprotected REST API route, indicating a potential entry point for unauthenticated attacks. Additionally, the presence of dangerous functions like `exec` and `unserialize` within the code, even if not directly exploited in the analyzed flows, warrants caution as they can be vectors for more severe vulnerabilities if misused.\n\nThe plugin's vulnerability history is a significant red flag. With a total of 18 known CVEs, including 3 critical, 4 high, and 11 medium vulnerabilities, this indicates a recurring pattern of security weaknesses. The common vulnerability types, such as XSS, Code Injection, Unrestricted Uploads, Authorization Bypass, and SQL Injection, suggest a history of insecure input handling and insufficient access control. Although there are currently no unpatched CVEs, the sheer volume and severity of past issues suggest a codebase that has historically been prone to significant security flaws. The most recent vulnerability in 2026 further emphasizes the need for ongoing vigilance.\n\nIn conclusion, \"wp-photo-album-plus\" v9.1.09.003 has some strengths in its SQL handling and output escaping. However, the unprotected REST API endpoint, the presence of dangerous functions, and the extensive history of critical and high-severity vulnerabilities significantly detract from its overall security. Users should be aware that while the current version may not have unpatched CVEs, the historical track record suggests a higher inherent risk and potential for future undiscovered vulnerabilities.",[1019,1021,1023,1025,1028,1030],{"reason":1020,"points":857},"Unprotected REST API route",{"reason":1022,"points":104},"Presence of dangerous functions (exec, unserialize)",{"reason":1024,"points":758},"History of 3 critical CVEs",{"reason":1026,"points":1027},"History of 4 high CVEs",16,{"reason":1029,"points":737},"History of 11 medium CVEs",{"reason":1031,"points":116},"Flows with unsanitized paths","2026-03-16T17:48:19.167Z",{"wat":1034,"direct":1039},{"assetPaths":1035,"generatorPatterns":1036,"scriptPaths":1037,"versionParams":1038},[],[],[],[],{"cssClasses":1040,"htmlComments":1041,"htmlAttributes":1042,"restEndpoints":1043,"jsGlobals":1044,"shortcodeOutput":1045},[],[],[],[],[],[]]