WordPress Plugin Vulnerabilities

Modula Image Gallery < 2.2.5 - Authenticated Stored Cross-Site Scripting (XSS)

Description

A stored XSS vulnerability exists in the version of the plugin 2.2.4. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code into the plugin gallery image which are viewed by other users.

Affects Plugins

Plugin icon
modula-best-grid-gallery
Fixed in 2.2.5

References

CVE
CVE-2020-9003
URL
https://fortiguard.com/zeroday/FG-VD-20-041

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.4 (medium)

Miscellaneous

Verified
No
WPVDB ID
0ab47267-2de7-4d2d-bad6-4c0f74e9cab4

Timeline

Publicly Published
2020-02-19 (about 6 years ago)
Added
2020-02-19 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
WordPress-to-Lead for Salesforce CRM 1.0.1 - salesforce.php salesforce_form_shortcode Function Error Message H&ling XSS
Published
2025-01-16
Title
Custom Page Extensions <= 0.6 - Reflected Cross-Site Scripting
Published
2025-01-16
Title
Group category creator <= 1.3.0.3 - Reflected Cross-Site Scripting
Published
2021-09-20
Title
Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting
Published
2014-09-21
Title
Login Widget With Shortcode 3.1.1 - custom_style_afo Parameter Reflected XSS