CVE-2024-12853

High CVSS: 8.8

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Vendor

Wpchill

Product

Modula Image Gallery

CWE

CWE-434

Yayın Tarihi

2025-01-08 10:15:06

Güncelleme

2025-12-15 15:39:10

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-434 Modula Image Gallery HIGH Wpchill 2025

Referanslar

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3218127%40modula-best-grid-gallery&new=3218127%40modula-best-grid-gallery&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/ef86b1f2-d5aa-4e83-a792-5fa35734b3d3?source=cve

Benzer Kayıtlar

High

CVE-2025-13646

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validatio…

High

CVE-2025-13645

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path val…

Medium

CVE-2024-9416

The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled Fanc…

Medium

CVE-2024-11282

The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure i…