5 matches found
CVE-2026-42688
Subscriber Cross Site Scripting XSS in Modula Image Gallery = 2.14.23 versions...
PT-2026-49462
Subscriber Cross Site Scripting XSS in Modula Image Gallery = 2.14.23 versions...
WordPress Modula Image Gallery plugin <= 2.14.23 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Modula Image Gallery versions = 2.14.23...
CVE-2025-12968
The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in all versions up to, and including, 2.14.42. This is due to the uploadfile function in the infilityimportfile class only validating the MIME type which can ...
CVE-2025-12968 Infility Global <= 2.14.42 - Authenticated (Subscriber+) Arbitrary File Upload
The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in all versions up to, and including, 2.14.42. This is due to the uploadfile function in the infilityimportfile class only validating the MIME type which can ...