Modula Image Gallery plugin allows attackers to modify any WordPress post
CVE-2026-1254
Summary
The Modula Image Gallery plugin for WordPress does not check whether the logged-in user is allowed to edit a given post before updating it. As a result, any authenticated user with contributor-level access or higher can change the title, excerpt, and content of any post on the site, including posts they have no permission to edit. To stay secure, update the plugin to the latest version or remove it if you're not using it.
Original title
The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.13.6. This is due to the plugin not properly...
Original description
The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.13.6. This is due to the plugin not properly verifying that a user is authorized to modify specific posts before updating them via the REST API. This makes it possible for authenticated attackers, with contributor level access and above, to update the title, excerpt, and content of arbitrary posts by passing post IDs in the modulaImages field when editing a gallery.
NVD CVSS 3.1
4.3
Vulnerability type
CWE-862
Missing Authorization
Published: 14 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026