cbcvebase.

Wpchill Modula Image Gallery vulnerabilities

6 known vulnerabilities affecting wpchill/modula_image_gallery.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2024-12853P2HIGHCVSS 8.8fixed in 2.11.112025-01-08
CVE-2024-12853 [HIGH] CWE-434 CVE-2024-12853: The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which ma
nvd
CVE-2025-13645P3HIGHCVSS 7.2≥ 2.13.1, < 2.13.32025-12-03
CVE-2025-13645 [HIGH] CWE-22 CVE-2025-13645: The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insuff The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote c
nvd
CVE-2025-13646P3MEDIUMCVSS 6.6≥ 2.13.1, < 2.13.32025-12-03
CVE-2025-13646 [MEDIUM] CWE-434 CVE-2025-13646: The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files with race condition on the affected site's server w
nvd
CVE-2022-41135P4MEDIUMCVSS 5.3≤ 2.6.92022-11-18
CVE-2022-41135 [MEDIUM] CWE-284 CVE-2022-41135: Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress. Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress.
nvd
CVE-2020-9003P4MEDIUMCVSS 5.4fixed in 2.2.52020-02-20
CVE-2020-9003 [MEDIUM] CWE-79 CVE-2020-9003: A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Suc A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users.
nvd
CVE-2024-9416P4MEDIUMCVSS 5.4fixed in 2.10.22025-04-03
CVE-2024-9416 [MEDIUM] CWE-79 CVE-2024-9416: The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the p The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions <= 5.0.36) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to injec
nvd
Wpchill Modula Image Gallery vulnerabilities | cvebase