Vulnerability Description
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wpchill | Modula Image Gallery | < 2.2.5 |
Related Weaknesses (CWE)
References
- https://fortiguard.com/zeroday/FG-VD-20-041Third Party Advisory
- https://github.com/MachoThemes/modula-lite/blob/master/changelog.txtRelease NotesThird Party Advisory
- https://wordpress.org/plugins/modula-best-grid-gallery/Vendor Advisory
- https://wpvulndb.com/vulnerabilities/10077Third Party Advisory
- https://fortiguard.com/zeroday/FG-VD-20-041Third Party Advisory
- https://github.com/MachoThemes/modula-lite/blob/master/changelog.txtRelease NotesThird Party Advisory
- https://wordpress.org/plugins/modula-best-grid-gallery/Vendor Advisory
- https://wpvulndb.com/vulnerabilities/10077Third Party Advisory
FAQ
What is CVE-2020-9003?
CVE-2020-9003 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to injec...
How severe is CVE-2020-9003?
CVE-2020-9003 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-9003?
Check the references section above for vendor advisories and patch information. Affected products include: Wpchill Modula Image Gallery.