cleantalk
Vulnerabilities and Security Researches

Customizable WordPress Gallery Plugin – Modula Image Gallery, CVE-2025-14003

CVE, Research URL

CVE-2025-14003

Home page URL

Security reports for Customizable WordPress Gallery Plugin – Modula Image Gallery

Application

Customizable WordPress Gallery Plugin – Modula Image Gallery

Published on
Dec 15, 2025
Research Description
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `add_images_to_gallery_callback()` function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attackers, with Author-level access and above, to add images to arbitrary Modula galleries owned by other users.
Affected versions
max 2.13.4.
Status
vulnerable
Previous vulnerability researches
WC Fields Factory (CVE-2023-0277) , Jun 07, 2024
WC Fields Factory (6cc027737736ffa5a4ad7d18f7aacab3368b4dae) , Jun 07, 2024
New vulnerability
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2025-68040) , Jan 11, 2026
Debt.com Business in a Box (CVE-2025-13852) , Jan 11, 2026
Flaming Password Reset (CVE-2025-68875) , Jan 11, 2026
Popup Builder (CVE-2025-14446) , Jan 11, 2026
Easy Social (CVE-2025-53235) , Jan 11, 2026