123 matches found
CVE-2022-41135
Unauth. Plugin Settings Change vulnerability in Modula plugin = 2.6.9 on WordPress...
CVE-2022-41135
Unauth. Plugin Settings Change vulnerability in Modula plugin = 2.6.9 on WordPress...
Code injection
Unauth. Plugin Settings Change vulnerability in Modula plugin = 2.6.9 on WordPress...
CVE-2022-41135
The CVE concerns the WordPress Modula image gallery plugin. Affected versions are Modula (WordPress) up to 2.6.9 (and related entries reference 2.6.91/2.6.10 as fixed/versioning in separate sources). The vulnerability is unauthenticated (no credentials required) and allows modification of plugin ...
CVE-2022-41135 WordPress Modula plugin <= 2.6.9 - Unauth. Plugin Settings Change vulnerability
Unauth. Plugin Settings Change vulnerability in Modula plugin = 2.6.9 on WordPress...
CVE-2022-41135 WordPress Modula plugin <= 2.6.9 - Unauth. Plugin Settings Change vulnerability
Unauth. Plugin Settings Change vulnerability in Modula plugin = 2.6.9 on WordPress...
PT-2022-25667 · WordPress · Modula
Name of the Vulnerable Software and Affected Versions: Modula plugin versions prior to 2.6.10 Description: The issue allows unauthorized changes to plugin settings. Recommendations: For Modula plugin versions prior to 2.6.10, update to version 2.6.10 or later to resolve the issue...
WordPress plugin Modula 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Modula < 2.6.91 - Unauthenticated Troubleshooting Settings Update
The plugin does not have authorisation and CSRF checks when updating its troubleshooting settings, which could allow any unauthenticated user to update them...
WordPress Modula plugin <= 2.6.9 - Unauth. Plugin Settings Change vulnerability
Unauth. Plugin Settings Change vulnerability discovered by Nguyen Anh Tien Patchstack Alliance in the WordPress Modula plugin versions = 2.6.9. Solution Update the WordPress Modula Image Gallery plugin to the latest available version at least 2.6.91...
Modula Image Gallery < 2.6.7 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/edit.php?posttype=modula-gallery=modula-addons" Other URLs are affected...
Modula Image Gallery < 2.6.7 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/edit.php?posttype=modula-gallery&page=modula-addons&a"alert/XSS/ Other URLs are affected...
WordPress Modula Image Gallery plugin <= 2.6.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress Modula Image Gallery plugin versions = 2.6.6. Solution Update the WordPress Modula Image Gallery plugin to the latest available version at least 2.6.7...
WordPress Modula Image Gallery Plugin < 2.2.5 XSS Vulnerability
The WordPress plugin Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
WordPress Modula Image Gallery Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language.Modula Image Gallery is used in one of the gallery gallery plugin. A cross-site scripting vulnerability exists in WordPress Modula Image Gallery versions prior to 2.2.5. The vulnerability stems from ...
CVE-2020-9003
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users...
CVE-2020-9003
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users...
Cross site scripting
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users...
CVE-2020-9003
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users...
CVE-2020-9003
Summary of CVE-2020-9003 (Modula Image Gallery, WordPress) : A stored XSS vulnerability affects the WordPress Modula Image Gallery plugin, specifically versions before 2.2.5. An authenticated, low-privileged user can inject arbitrary JavaScript code that is then viewed by other users, enabling cl...