cleantalk
Vulnerabilities and Security Researches

Customizable WordPress Gallery Plugin – Modula Image Gallery, CVE-2024-9416

CVE, Research URL

CVE-2024-9416

Home page URL

Security reports for Customizable WordPress Gallery Plugin – Modula Image Gallery

Application

Customizable WordPress Gallery Plugin – Modula Image Gallery

Published on
Apr 03, 2025
Research Description
The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions <= 5.0.36) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.10.2.
Status
vulnerable
Previous vulnerability researches
Happy Addons for Elementor (CVE-2025-30766) , Apr 02, 2025
Happy Addons for Elementor (CVE-2024-10538) , Nov 14, 2024
Happy Addons for Elementor (CVE-2024-12852) , Jan 09, 2025
Happy Addons for Elementor (CVE-2021-24292) , Jun 07, 2024
Happy Addons for Elementor (CVE-2024-24833) , Jun 07, 2024
New vulnerability
Woo Product Feed For Marketing Channels (CVE-2025-31377) , Apr 10, 2025
Easy custom css by webriti (CVE-2025-31395) , Apr 10, 2025
Checkout Mestres WP (CVE-2025-32695) , Apr 10, 2025
Request Call Back (CVE-2025-32483) , Apr 10, 2025
QR Master (CVE-2025-32116) , Apr 10, 2025