cleantalk
Vulnerabilities and Security Researches

Customizable WordPress Gallery Plugin – Modula Image Gallery, CVE-2024-9416

CVE, Research URL

CVE-2024-9416

Home page URL

Security reports for Customizable WordPress Gallery Plugin – Modula Image Gallery

Application

Customizable WordPress Gallery Plugin – Modula Image Gallery

Published on
Apr 03, 2025
Research Description
The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions <= 5.0.36) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.10.2.
Status
vulnerable
Previous vulnerability researches
Comment Approved Notifier Extended (CVE-2025-30792) , Mar 28, 2025
New vulnerability
WP SexyLightBox (CVE-2025-32478) , Apr 11, 2025
IP2Location World Clock (CVE-2025-32644) , Apr 11, 2025
Custom Smilies (CVE-2025-32482) , Apr 11, 2025
IndieBlocks (CVE-2025-31009) , Apr 11, 2025
Foliopress WYSIWYG (CVE-2025-32610) , Apr 11, 2025