GCVE - cpe:2.3:a:jordy_meow:photo_engine:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:jordy_meow:photo_engine:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Jordy Meow (`799d566d-26b4-5c59-840e-1af2704eb14a`)
Product	Photo Engine (`fea8fcf2-246d-5ca3-b182-5528852d156d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-32524`	vulnerable	2026-06-03 15:20:43.164115	WordPress Photo Engine plugin <= 6.4.9 - Arbitrary File Upload vulnerability CRITICAL (9.1) Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through <= 6.4.9. Published: 2026-03-25T16:15:08.023Z Updated: 2026-04-29T09:52:00.984Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/wplr-sync/vulnerability/wordpress-photo-engine-plugin-6-4-9-arbitrary-file-upload-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-54672`	vulnerable	2026-06-03 15:04:56.509068	WordPress Photo Engine Plugin plugin <= 6.4.3 - Cross Site Request Forgery (CSRF) Vulnerability MEDIUM (4.3) Cross-Site Request Forgery (CSRF) vulnerability in Jordy Meow Photo Engine wplr-sync allows Cross Site Request Forgery.This issue affects Photo Engine: from n/a through <= 6.4.3. Published: 2025-08-14T10:34:40.287Z Updated: 2026-04-28T16:13:33.949Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/wplr-sync/vulnerability/wordpress-photo-engine-plugin-plugin-6-4-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-43332`	vulnerable	2026-06-03 14:56:45.003733	WordPress Photo Engine plugin <= 6.4.0 - Broken Access Control vulnerability MEDIUM (4.3) Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Engine: from n/a through 6.4.0. Published: 2024-11-01T14:17:24.351Z Updated: 2026-04-28T16:10:13.168Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/wplr-sync/wordpress-photo-engine-plugin-6-4-0-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-39660`	vulnerable	2026-06-03 14:56:22.130708	WordPress Photo Engine (Media Organizer & Lightroom) plugin <= 6.3.1 - Cross Site Scripting (XSS) vulnerability MEDIUM (5.9) Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jordy Meow Photo Engine allows Stored XSS.This issue affects Photo Engine: from n/a through 6.3.1. Published: 2024-08-01T21:43:02.086Z Updated: 2026-04-28T16:10:08.357Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/wplr-sync/wordpress-photo-engine-media-organizer-lightroom-plugin-6-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.