cleantalk
Vulnerabilities and Security Researches

Customizable WordPress Gallery Plugin – Modula Image Gallery, 4c34871288ce134a3a48a286e15985617232003c

CVE, Research URL

4c34871288ce134a3a48a286e15985617232003c

Home page URL

Security reports for Customizable WordPress Gallery Plugin – Modula Image Gallery

Application

Customizable WordPress Gallery Plugin – Modula Image Gallery

Published on
Jun 06, 2022
Research Description
Modula Image Gallery &#8211; Photo Grid &amp; Video Gallery [modula-best-grid-gallery] < 2.6.7 Modula Image Gallery <= 2.6.6 - Reflected Cross-Site Scripting The Modula Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in versions up to, and including, 2.6.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 2.6.7.
Status
vulnerable
Previous vulnerability researches
Customizable WordPress Gallery Plugin &#8211; Modula Image Gallery (CVE-2026-39481) , May 02, 2026
Customizable WordPress Gallery Plugin &#8211; Modula Image Gallery (CVE-2020-9003) , Jun 07, 2024
Customizable WordPress Gallery Plugin &#8211; Modula Image Gallery (CVE-2024-9416) , Apr 04, 2025
Customizable WordPress Gallery Plugin &#8211; Modula Image Gallery (CVE-2022-41135) , Jun 07, 2024
Customizable WordPress Gallery Plugin &#8211; Modula Image Gallery (CVE-2024-12853) , Jan 08, 2025
New vulnerability
WooCommerce Digital Signature (CVE-2026-52694) , Jun 17, 2026
Permalink Manager Lite (CVE-2026-8494) , Jun 17, 2026
Static Block (CVE-2026-10780) , Jun 17, 2026
wpDataTables &#8211; WordPress Data Table, Dynamic Tables &amp; Table Charts Plugin (CVE-2026-49080) , Jun 16, 2026
The Events Calendar (CVE-2026-49772) , Jun 16, 2026