Description
Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed.
Remediation
References
Related Vulnerabilities
WordPress Plugin Wp Multiple Meta Box SQL Injection (1.0.0)
WordPress Plugin WP Simple Booking Calendar Cross-Site Request Forgery (1.3)
Next.js Deserialization of Untrusted Data Vulnerability (CVE-2025-55182)
WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Cross-Site Scripting (2.3.1)