cleantalk
Vulnerabilities and Security Researches

Customizable WordPress Gallery Plugin – Modula Image Gallery, 99d6f905b92bff123934dfbae2441c05f02a0781

CVE, Research URL

99d6f905b92bff123934dfbae2441c05f02a0781

Home page URL

Security reports for Customizable WordPress Gallery Plugin – Modula Image Gallery

Application

Customizable WordPress Gallery Plugin – Modula Image Gallery

Published on
Sep 10, 2023
Research Description
Modula Image Gallery &#8211; Photo Grid &amp; Video Gallery [modula-best-grid-gallery] < 2.7.5 Modula <= 2.7.4 - Incomplete Authorization via 'save_image' and 'save_images' The Modula plugin for WordPress is vulnerable to unauthorized modification of data due to an incomplete capability check on the 'save_image' and 'save_images' functions in versions up to, and including, 2.7.4. This makes it possible for authenticated attackers with the 'edit_others_posts' but not the 'edit_posts' capability to save images. Note that this would only be considered a vulnerability on extremely unusual configurations.
Affected versions
max 2.7.5.
Status
vulnerable
Previous vulnerability researches
Customizable WordPress Gallery Plugin &#8211; Modula Image Gallery (CVE-2026-39481) , May 02, 2026
Customizable WordPress Gallery Plugin &#8211; Modula Image Gallery (CVE-2020-9003) , Jun 07, 2024
Customizable WordPress Gallery Plugin &#8211; Modula Image Gallery (CVE-2024-9416) , Apr 04, 2025
Customizable WordPress Gallery Plugin &#8211; Modula Image Gallery (CVE-2022-41135) , Jun 07, 2024
Customizable WordPress Gallery Plugin &#8211; Modula Image Gallery (CVE-2024-12853) , Jan 08, 2025
New vulnerability
WooCommerce Digital Signature (CVE-2026-52694) , Jun 17, 2026
Permalink Manager Lite (CVE-2026-8494) , Jun 17, 2026
Static Block (CVE-2026-10780) , Jun 17, 2026
wpDataTables &#8211; WordPress Data Table, Dynamic Tables &amp; Table Charts Plugin (CVE-2026-49080) , Jun 16, 2026
The Events Calendar (CVE-2026-49772) , Jun 16, 2026