CVE-2026-1254
Unknown Unknown - Not Provided
Authorization Bypass in Modula Image Gallery Plugin Allows Post Modification

Publication date: 2026-02-14

Last updated on: 2026-02-14

Assigner: Wordfence

Description
The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.13.6. This is due to the plugin not properly verifying that a user is authorized to modify specific posts before updating them via the REST API. This makes it possible for authenticated attackers, with contributor level access and above, to update the title, excerpt, and content of arbitrary posts by passing post IDs in the modulaImages field when editing a gallery.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-14
Last Modified
2026-02-14
Generated
2026-06-16
AI Q&A
2026-02-14
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1254
EUVD
EUVD-2026-6038
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
modula modula_image_gallery to 2.13.6 (inc)
modula modula_best_grid_gallery 2.13.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress has an authorization bypass vulnerability in all versions up to and including 2.13.6. This occurs because the plugin does not properly verify whether a user is authorized to modify specific posts before allowing updates via the REST API.

As a result, authenticated users with contributor level access or higher can update the title, excerpt, and content of arbitrary posts by passing post IDs in the modulaImages field when editing a gallery.

Impact Analysis

This vulnerability allows authenticated users with contributor or higher privileges to modify posts they should not have permission to edit. Specifically, they can change the title, excerpt, and content of arbitrary posts by exploiting the REST API.

Such unauthorized modifications can lead to content tampering, misinformation, defacement, or insertion of malicious content, potentially damaging the integrity and trustworthiness of the website.

Compliance Impact

I don't know

Detection Guidance

Detection of this vulnerability involves identifying unauthorized modifications to post content via the REST API by users with contributor level access or higher.

You can monitor REST API requests that update posts, specifically looking for requests that modify the 'modulaImages' field with post IDs.

Commands to detect suspicious activity might include:

  • Using web server logs (e.g., Apache or Nginx) to search for POST requests to endpoints like `/wp-json/wp/v2/posts/` with payloads containing 'modulaImages'.
  • Example command to search logs for suspicious REST API updates: `grep -i 'modulaImages' /var/log/apache2/access.log`
  • Using WordPress audit or activity log plugins to track post update events by users with contributor or higher roles.
  • Checking the database for unexpected changes in post titles, excerpts, or content that correlate with unauthorized user activity.
Mitigation Strategies

The immediate mitigation step is to update the Modula Image Gallery plugin to version 2.13.7 or later, where security enhancements and permission checks have been implemented.

The update includes multiple layers of validation and permission checks to ensure only authorized users can modify image attachments associated with galleries.

  • Apply the plugin update that introduces sanitization and validation of images, including verifying user permissions before processing image attachments.
  • Restrict contributor level users from editing posts or galleries until the update is applied.
  • Monitor and audit user activity related to post and gallery modifications to detect any unauthorized changes.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1254. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart