{"cve":{"cve_id":"CVE-2026-54829","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":null,"epss_percentile":null,"epss_as_of":null,"description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection.\n\nThis issue affects WP Photo Album Plus: from n/a through 9.1.13.005.","published_at":"2026-06-25T13:25:31.337000Z","last_modified_at":null,"cvss_v3_score":7.5,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-89"],"nvd_references":["https://patchstack.com/database/wordpress/plugin/wp-photo-album-plus/vulnerability/wordpress-wp-photo-album-plus-plugin-9-1-13-005-sql-injection-vulnerability?_s_id=cve"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-28T17:55:37.240342Z","updated_at":"2026-06-28T23:30:55.040689Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"H","value_label":"High"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"L","value_label":"Low"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"jacob-n.-breetvelt","vendor_name":"Jacob N. Breetvelt","product_slug":"wp-photo-album-plus","product_name":"WP Photo Album Plus","version_start":"n/a","version_start_inclusive":true,"version_end":"9.1.13.005","version_end_inclusive":true,"cpe23_uri":"cve5:jacob-n.-breetvelt:wp-photo-album-plus:n/a:9.1.13.005"}],"exploit_refs":[],"news":[],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wp-photo-album-plus/vulnerability/wordpress-wp-photo-album-plus-plugin-9-1-13-005-sql-injection-vulnerability?_s_id=cve","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-06-25T13:25:31.337000Z","label":"CVE published","source":null}]}