Modula Image Gallery <= 2.10.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox 5 JavaScript Library
Description
Stored XSS in the Modula Image Gallery WordPress plugin via insufficient sanitization of user attributes, affecting versions <= 2.14.28.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Modula Image Gallery plugin for WordPress (versions <= 2.14.28) is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library. The vulnerability stems from insufficient input sanitization and output escaping on user-supplied attributes, allowing malicious scripts to be stored and executed [1].
Exploitation
An authenticated attacker with contributor-level access or above can exploit this vulnerability by injecting arbitrary web scripts through vulnerable attributes in gallery elements. When an administrator or other user accesses a page containing the injected gallery, the stored script executes in their browser [1].
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser session on the WordPress site. This can lead to session hijacking, defacement, or theft of sensitive information, including administrative credentials if a privileged user views the compromised page [1].
Mitigation
The official WordPress plugin repository does not list a specific patched version at the time of publication. Users should monitor the plugin's changelog and update to the latest version when a fix is released. As a workaround, restrict contributor and editor roles or apply a web application firewall rule to block XSS payloads [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- wpchill/Modula Image Gallery – Photo Grid & Video Gallery, v5, Range: 0
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.