PatchSiren cyber security CVE debrief
CVE-2026-42688 WP Chill CVE debrief
CVE-2026-42688 is a Subscriber Cross Site Scripting (XSS) vulnerability in Modula Image Gallery versions <= 2.14.23. The vulnerability has a CVSS score of 6.5, indicating a MEDIUM severity level. The CVE was published on 2026-06-15T21:16:56.990Z and last modified on 2026-06-15T21:24:32.790Z. For more information, refer to the [CVE-2026-42688 CVE record](resourceLinkAnnotations.cve-org) and [CVE-2026-42688 NVD detail](resourceLinkAnnotations.nvd).
- Vendor
- WP Chill
- Product
- Modula Image Gallery
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Modula Image Gallery versions <= 2.14.23 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is a Cross Site Scripting (XSS) issue in Modula Image Gallery, which allows subscribers to inject malicious scripts. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L.
Defensive priority
MEDIUM
Recommended defensive actions
- Update Modula Image Gallery to a version greater than 2.14.23.
- Refer to [Mitigation or vendor reference](resourceLinkAnnotations.ref-4) for additional information on mitigating this vulnerability.
Evidence notes
The CVE was submitted by Patchstack, as indicated by the [source item URL](resourceLinkAnnotations.source-item).
Official resources
-
CVE-2026-42688 CVE record
CVE.org
-
CVE-2026-42688 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
This CVE debrief was generated based on publicly available information and is intended for informational purposes only.