Modula Image Gallery
by WordPress
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39481 | Hig | 0.47 | 7.2 | — | Jun 15, 2026 | Author PHP Object Injection in Modula Image Gallery <= 2.14.18 versions. | ||
| CVE-2026-42688 | Med | 0.42 | 6.5 | — | Jun 15, 2026 | Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions. | ||
| CVE-2024-12853 | 0.01 | — | 0.16 | Jan 8, 2025 | The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attackers, with Author-level access… | |||
| CVE-2024-9416 | 0.00 | — | 0.00 | Apr 3, 2025 | The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions <= 5.0.36) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for… | |||
| CVE-2020-9003 | 0.00 | — | 0.01 | Feb 20, 2020 | A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users. |
- risk 0.47cvss 7.2epss —
Author PHP Object Injection in Modula Image Gallery <= 2.14.18 versions.
- risk 0.42cvss 6.5epss —
Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.
- CVE-2024-12853Jan 8, 2025risk 0.01cvss —epss 0.16
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attackers, with Author-level access…
- CVE-2024-9416Apr 3, 2025risk 0.00cvss —epss 0.00
The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions <= 5.0.36) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…
- CVE-2020-9003Feb 20, 2020risk 0.00cvss —epss 0.01
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users.