WPChill/modula-lite

WPChill/modula-lite

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases95

Frequency2 weeks 9 hours

Last Release 7 months ago

Stars19

https://wordpress.org/plugins/modula-best-grid-gallery/

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-13646 ↗	Dec 3, 2025Wednesday, 3 December 2025, 03:16	7.5 HIGH	—
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files with race condition on the affected site's server which may make remote code execution possible.
CVE-2025-13645 ↗	Dec 3, 2025Wednesday, 3 December 2025, 03:15	7.2 HIGH	—
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).