Wpchill Modula_image_gallery
5 CVEs affecting Wpchill Modula_image_gallery. Latest disclosed: 2025-12-03. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-12853 | High | 8.8 | 2025-01-08 | The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in al… |
CVE-2025-13646 | High | 7.5 | 2025-12-03 | The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_unzip_file' function in… |
CVE-2025-13645 | High | 7.2 | 2025-12-03 | The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' functi… |
CVE-2024-9416 | Medium | 6.4 | 2025-04-03 | The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions <= 5… |
CVE-2020-9003 | Medium | 5.4 | 2020-02-20 | A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an a… |