CVE-2025-13891
Unknown Unknown - Not Provided
Path Traversal in Image Gallery Plugin Allows Directory Enumeration

Publication date: 2025-12-12

Last updated on: 2025-12-12

Assigner: Wordfence

Description
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.13.3. This is due to the modula_list_folders AJAX endpoint that lacks proper path validation and base directory restrictions. While the endpoint verifies user capabilities (Author+ with upload_files and edit_posts permissions), it fails to validate that user-supplied directory paths reside within safe directories. This makes it possible for authenticated attackers, with Author-level access and above, to enumerate arbitrary directories on the server via the modula_list_folders endpoint.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-12
Last Modified
2025-12-12
Generated
2026-06-16
AI Q&A
2025-12-12
EPSS Evaluated
2026-06-15
NVD
CVE-2025-13891
EUVD
EUVD-2025-203051
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wordpress photo_grid *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Path Traversal issue in the Image Gallery – Photo Grid & Video Gallery plugin for WordPress, affecting all versions up to 2.13.3. It occurs because the modula_list_folders AJAX endpoint does not properly validate user-supplied directory paths or restrict them to safe base directories. Although it checks user capabilities (Author+ with upload_files and edit_posts permissions), it allows authenticated users with Author-level access or higher to enumerate arbitrary directories on the server.

Impact Analysis

An attacker with Author-level access or higher can exploit this vulnerability to enumerate arbitrary directories on the server. This could lead to unauthorized disclosure of sensitive files or information stored on the server, potentially compromising the confidentiality of data.

Detection Guidance

You can detect this vulnerability by checking if your WordPress installation is running the Image Gallery – Photo Grid & Video Gallery plugin version 2.13.3 or earlier. Since the vulnerability involves the modula_list_folders AJAX endpoint allowing directory enumeration by authenticated users with Author+ roles, you can monitor HTTP requests to this endpoint for suspicious directory traversal patterns. For example, use network monitoring tools or web server logs to look for requests to 'wp-admin/admin-ajax.php?action=modula_list_folders' with parameters containing '../' sequences or unusual folder paths. Additionally, you can run commands to check the installed plugin version, such as: `wp plugin list --format=json | jq '.[] | select(.name=="modula-best-grid-gallery")'` to verify the plugin version. If you have access to the server, you can also inspect the plugin files to confirm the version. However, no specific detection commands are provided in the resources. [1]

Mitigation Strategies

The immediate mitigation step is to update the Image Gallery – Photo Grid & Video Gallery plugin to version 2.13.4 or later, as this version includes security fixes that address the vulnerability by enforcing stricter permission checks and improved folder path validation. If updating immediately is not possible, restrict Author-level users from accessing the modula_list_folders AJAX endpoint or limit their permissions to prevent exploitation. Additionally, monitor and audit user activities related to gallery editing and file uploads to detect any suspicious behavior. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13891. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart