Modula Image Gallery
CVE-2020-9003
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users.
AnalysisAI
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users. Affected products include: Wpchill Modula Image Gallery. Version information: before 2.2.5.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Modula Image Gallery
View allThe Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validatio
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path val
PHP Object Injection in the Modula Image Gallery WordPress plugin (versions ≤ 2.14.18) allows authenticated authors to t
Subscriber-level stored Cross-Site Scripting in the Modula Image Gallery WordPress plugin (versions up to and including
The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled Fanc
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validatio
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today