Wpchill Modula Image Gallery

5 matches found

CVE
added 2020/02/20 9:52 p.m., 118 views

CVE-2020-9003

Summary of CVE-2020-9003 (Modula Image Gallery, WordPress): A stored XSS vulnerability affects the WordPress Modula Image Gallery plugin, specifically versions before 2.2.5. An authenticated, low-privileged user can inject arbitrary JavaScript code that is then viewed by other users, enabling cl...

CVSS 5.4 | AI score 5.2 | EPSS 0.01042

CVE
added 2025/01/08 9:18 a.m., 57 views

CVE-2024-12853

CVE-2024-12853 concerns Modula Image Gallery for WordPress. The Wordfence document confirms an authenticated Arbitrary File Upload vulnerability in the Modula Image Gallery plugin (versions up to and including 2.11.10) enabling Author+ level attackers to upload arbitrary files on the server, with...

CVSS 8.8 | AI score 8.9 | EPSS 0.00848

CVE
added 2025/04/03 12:22 p.m., 51 views

CVE-2024-9416

The CVE-2024-9416 entry maps to Modula Image Gallery (WordPress) and is a Stored DOM-based Cross-Site Scripting vulnerability via the plugin’s bundled FancyBox JavaScript library (versions up to 5.x). Root cause: insufficient input sanitization and output escaping on user-supplied attributes, ena...

CVSS 6.4 | AI score 5.9 | EPSS 0.00196

CVE
added 2025/12/03 2:25 a.m., 22 views

CVE-2025-13646

Summary: CVE-2025-13646 affects the Modula Image Gallery plugin for WordPress (versions 2.13.1–2.13.2). The root cause is missing file type validation in the ajax_unzip_file function, enabling authenticated attackers with Author-level access or higher to upload arbitrary files via a race conditio...

CVSS 7.5 | AI score 7.1 | EPSS 0.00695

CVE
added 2025/12/03 2:25 a.m., 16 views

CVE-2025-13645

The CVE-2025-13645 entry concerns the Modula Image Gallery WordPress plugin. Affected versions 2.13.1–2.13.2 are vulnerable to arbitrary file deletion due to insufficient file path validation in the ajax_unzip_file function. Authenticated attackers with Author-level access or higher can delete ar...

CVSS 7.2 | AI score 7.2 | EPSS 0.0095