N/A
2026-04-20< 2.14.19
Modula Image Gallery – Photo Grid & Video Gallery <= 2.14.18 - Authenticated (Author+) PHP Object Injection
Modula Image Gallery – Photo Grid & Video Gallery
Minimum safe version
2.14.19
Update to 2.14.19 or later to address 19 fixable vulnerabilities
Latest available2.14.27 ✓
N/A
2026-02-13< 2.13.7
Modula Image Gallery – Photo Grid & Video Gallery <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page Editing
Medium 4.3
2026-02-03< 2.13.7
CVE-2026-24939
Medium 5.9
2026-02-04< 2.13.5
Modula Image Gallery <= 2.13.4 - Authenticated (Author+) Stored Cross-Site Scripting
Medium 4.3
2025-12-15< 2.13.4
CVE-2025-14003
Medium 6.5
2025-12-12< 2.13.4
CVE-2025-13891
Medium 6.6
2025-12-03< 2.13.3
CVE-2025-13646
High 7.2
2025-12-03< 2.13.3
CVE-2025-13645
Medium 4.3
2025-11-15< 2.12.29
CVE-2025-12494
Medium 6.4
2025-04-03< 2.10.2
Modula Image Gallery <= 2.10.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox 5 JavaScript Library
High 8.8
2025-01-08< 2.11.11
CVE-2024-12853
N/A
< 2.7.5
Modula < 2.7.5 - Incomplete Authorization via 'save_image' and 'save_images'
N/A
2023-09-12< 2.7.5
WordPress Modula Image Gallery Plugin < 2.7.5 is vulnerable to Broken Access Control
N/A
2023-09-10< 2.7.5
Modula <= 2.7.4 - Incomplete Authorization via 'save_image' and 'save_images'
N/A
< 2.6.7
Modula Image Gallery < 2.6.7 - Reflected Cross-Site Scripting
N/A
2022-06-06< 2.6.7
Modula Image Gallery <= 2.6.6 - Reflected Cross-Site Scripting
Medium 6.5
2022-11-18< 2.6.91
CVE-2022-41135
N/A
2022-06-06< 2.6.7
WordPress Modula Image Gallery plugin <= 2.6.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Medium 5.4
2020-02-20< 2.2.5
CVE-2020-9003