WordPress Modula Image Gallery plugin <= 2.14.23 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Modula Image Gallery versions = 2.14.23...

CVE-2025-12968

The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in all versions up to, and including, 2.14.42. This is due to the uploadfile function in the infilityimportfile class only validating the MIME type which can ...

CVE-2025-12968 Infility Global <= 2.14.42 - Authenticated (Subscriber+) Arbitrary File Upload

The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in all versions up to, and including, 2.14.42. This is due to the uploadfile function in the infilityimportfile class only validating the MIME type which can ...