High
CVSS: 7.5
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, wi…
High
CVSS: 7.2
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attacke…
Medium
CVSS: 6.4
The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions
High
CVSS: 8.8
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticate…