3 matches found
CVE-2020-9003
Summary of CVE-2020-9003 (Modula Image Gallery, WordPress) : A stored XSS vulnerability affects the WordPress Modula Image Gallery plugin, specifically versions before 2.2.5. An authenticated, low-privileged user can inject arbitrary JavaScript code that is then viewed by other users, enabling cl...
CVE-2024-12853
CVE-2024-12853 concerns Modula Image Gallery for WordPress. The Wordfence document confirms an authenticated Arbitrary File Upload vulnerability in the Modula Image Gallery plugin (versions up to and including 2.11.10) enabling Author+ level attackers to upload arbitrary files on the server, with...
CVE-2024-9416
The CVE-2024-9416 entry maps to Modula Image Gallery (WordPress) and is a Stored DOM-based Cross-Site Scripting vulnerability via the plugin’s bundled FancyBox JavaScript library (versions up to 5.x). Root cause: insufficient input sanitization and output escaping on user-supplied attributes, ena...