A vulnerability identified as problematic has been detected in WP Photo Album Plus Plugin up to 9.0.11.006 on WordPress. This issue affects the function wppa_user_upload. Performing manipulation results in cross site scripting.

This vulnerability is cataloged as CVE-2025-8726. It is possible to initiate the attack remotely. There is no exploit available.