Modula Pro
Monthly
Cross-site scripting in the Modula PRO WordPress gallery plugin (versions through 2.10.8) allows unauthenticated remote attackers to inject arbitrary JavaScript that executes in a victim's browser when they view or interact with attacker-influenced content. Reported by Patchstack and rated CVSS 7.1 with a scope change, the flaw requires user interaction but no authentication; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Cross-site scripting in the Modula PRO WordPress gallery plugin (versions through 2.10.8) allows unauthenticated remote attackers to inject arbitrary JavaScript that executes in a victim's browser when they view or interact with attacker-influenced content. Reported by Patchstack and rated CVSS 7.1 with a scope change, the flaw requires user interaction but no authentication; no public exploit identified at time of analysis and it is not listed in CISA KEV.