CVE-2025-13891 Image Gallery – Photo Grid & Video Gallery (Modula) <= 2.13.3 - Missing Authorization to Arbitrary Directory Listing

The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.13.3. This is due to the modulalistfolders AJAX endpoint that lacks proper path validation and base directory restrictions. While the endpoint verifies user...

CVE-2025-13891 Image Gallery – Photo Grid & Video Gallery (Modula) <= 2.13.3 - Missing Authorization to Arbitrary Directory Listing

The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.13.3. This is due to the modulalistfolders AJAX endpoint that lacks proper path validation and base directory restrictions. While the endpoint verifies user...

WordPress Modula plugin 2.13.1-2.13.2 - Authenticated (Author+) Arbitrary File Upload via Race Condition vulnerability

Authenticated Author+ Arbitrary File Upload via Race Condition vulnerability discovered by 0xQRx in WordPress Plugin Modula Image Gallery versions 2.13.1-2.13.2...

EUVD-2022-44377

Malicious code in bioql PyPI...

Modula < 2.7.5 - Incomplete Authorization via 'save_image' and 'save_images'

Description The Modula plugin for WordPress is vulnerable to unauthorized modification of data due to an incomplete capability check on the 'saveimage' and 'saveimages' functions in versions up to, and including, 2.7.4. This makes it possible for authenticated attackers with the 'editothersposts'...

CVE-2022-41135

Unauth. Plugin Settings Change vulnerability in Modula plugin = 2.6.9 on WordPress...

CVE-2022-41135

Unauth. Plugin Settings Change vulnerability in Modula plugin = 2.6.9 on WordPress...

CVE-2022-41135

The CVE concerns the WordPress Modula image gallery plugin. Affected versions are Modula (WordPress) up to 2.6.9 (and related entries reference 2.6.91/2.6.10 as fixed/versioning in separate sources). The vulnerability is unauthenticated (no credentials required) and allows modification of plugin ...

CVE-2022-41135 WordPress Modula plugin <= 2.6.9 - Unauth. Plugin Settings Change vulnerability

Unauth. Plugin Settings Change vulnerability in Modula plugin = 2.6.9 on WordPress...

CVE-2022-41135 WordPress Modula plugin <= 2.6.9 - Unauth. Plugin Settings Change vulnerability

Unauth. Plugin Settings Change vulnerability in Modula plugin = 2.6.9 on WordPress...

PT-2022-25667 · WordPress · Modula

Name of the Vulnerable Software and Affected Versions: Modula plugin versions prior to 2.6.10 Description: The issue allows unauthorized changes to plugin settings. Recommendations: For Modula plugin versions prior to 2.6.10, update to version 2.6.10 or later to resolve the issue...

WordPress plugin Modula 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Modula plugin <= 2.6.9 - Unauth. Plugin Settings Change vulnerability

Unauth. Plugin Settings Change vulnerability discovered by Nguyen Anh Tien Patchstack Alliance in the WordPress Modula plugin versions = 2.6.9. Solution Update the WordPress Modula Image Gallery plugin to the latest available version at least 2.6.91...

Modula < 2.6.91 - Unauthenticated Troubleshooting Settings Update

The plugin does not have authorisation and CSRF checks when updating its troubleshooting settings, which could allow any unauthenticated user to update them...