Gallery plugins are security-relevant because they render user-controlled presentation data (titles, captions, alt text, links) across public pages and often provide rich admin-side builders and lightbox features. If output handling, access control, or request integrity is weak, attackers can target stored XSS through captions or settings, force configuration changes via CSRF, or expose media metadata through misprotected endpoints. Modula Image Gallery – Photo Grid & Video Gallery version 2.14.22 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64640, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for media gallery and front-end rendering plugins.
| Name of | Modula Image Gallery – Photo Grid & Video Gallery |
| Version | 2.14.22 |
| Active installations | 100,000+ |
| Description | Create responsive image galleries with drag-and-drop grid builder. Custom layouts, video support, AI optimization. Works with any theme. |
| Security | Successfully tested for: SQL Injection (SQLi) Cross-Site Scripting (XSS) – Stored & Reflected Cross-Site Request Forgery (CSRF) Authentication Vulnerabilities Authentication Bypass Exploits Privilege Escalation Buffer Overflow Denial-of-Service (DoS) vectors Data Leakage Vulnerabilities Insecure Dependency Usage Remote Code Execution (RCE) Risks Unauthorized File Access Insufficient Injection Protection Information Disclosure via Misconfigured Endpoints |
| CleanTalk Certification | Proudly earned the “Plugin Security Certification” (PSC) from CleanTalk, indicating adherence to stringent security standards. |
| Additional Information | Site owners can publish image and video galleries with the assurance of the “Plugin Security Certification” (PSC). As a best practice, restrict gallery creation and global settings access to trusted roles, and treat captions and custom text fields as security-sensitive output. |
| Plugin Security Certification by CleanTalk |  |
| Logo of the plugin |  |
PSC by CleantalkJoin the community of developers who prioritize security. Highlight your plugin in the WordPress catalog.
Key Features
Modula Image Gallery – Photo Grid & Video Gallery focuses on building responsive galleries with a drag-and-drop grid builder that allows custom layouts without coding. It supports multiple gallery styles such as custom grid and masonry-like layouts, provides front-end viewing features like lightbox presentation, and includes capabilities to mix richer media types through video gallery support. The plugin integrates cleanly into typical WordPress publishing workflows via shortcodes and a dedicated block, making it practical to embed galleries into posts, pages, and builder-driven layouts. From a security standpoint, these features matter because they combine admin-side configuration with front-end rendering of stored titles, captions, and display settings, which requires consistent authorization and safe output encoding.
Security Assurance
The CleanTalk Plugin Security Certification evaluation for gallery plugins focuses on attacker models that target stored content rendering and administrative workflow integrity. Common abuse patterns include injecting JavaScript into captions, titles, or configurable labels that are later rendered on public pages or in admin previews (stored XSS), forcing configuration changes via CSRF against administrators (changing global gallery behavior or display settings), and probing any helper endpoints for information disclosure (media identifiers, internal diagnostics, or configuration state). The review validates that administrative functionality is restricted to appropriate roles with consistent capability checks in the underlying handlers, that state-changing actions are protected by nonce and CSRF defenses, and that values rendered into HTML contexts are output-encoded appropriately. Because galleries rely on media metadata and can surface links and attributes, the review also considers safe handling of URLs, conservative exposure of diagnostics, and prevention of unintended access to protected resources.
The plugin has been successfully tested for:
✅ Information Leakage Vulnerabilities
✅ SQL Injection Vulnerabilities
✅ Cross-Site Scripting (XSS) Attacks
✅ Cross-Site Request Forgery (CSRF) Attacks
✅ Authentication & Authentication Bypass Vulnerabilities
✅ Privilege Escalation Vulnerabilities
✅ Buffer Overflow Vulnerabilities
✅ Denial-of-Service (DoS) Vulnerabilities
✅ Data Leakage Vulnerabilities
✅ Insecure Dependencies
✅ Code Execution Vulnerabilities
✅ File Unauthorized Access Vulnerabilities
✅ Insufficient Injection Protection
Conclusion
With PSC-2026-64640, Modula Image Gallery – Photo Grid & Video Gallery version 2.14.22 demonstrates strong baseline security for the workflows that matter most in gallery plugins: controlled access to gallery management, safe rendering of stored metadata and settings, and consistent protections against common WordPress vulnerability classes that target endpoints, handlers, and output contexts. This certification helps site owners publish image and video galleries with reduced risk that presentation features become an unintended injection or configuration attack surface. As a best practice, keep gallery configuration limited to trusted roles, avoid embedding untrusted HTML in captions or custom fields, and keep the plugin updated as WordPress rendering contexts evolve.
Note: The date and certification information may change over time. It is advisable to verify the latest details on the plugin developer’s website.