What the vulnerability does
01Description
Missing Authorization vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modula Image Gallery: from n/a through <= 2.13.6.
Explanation of Vulnerability in Simple Terms
02Summary
Modula Image Gallery versions up to 2.13.6 lack proper authorization checks, allowing authenticated users to access image data they should not be able to view. An attacker with a low-privilege account can read sensitive image information without additional interaction. This affects confidentiality but not integrity or availability.
What an attacker can do
03Attacker Capabilities
Read image data and metadata they should not have access to.
Potential impact on your site
04Site Impact
Users' private or restricted images may be visible to other authenticated users with lower permissions.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account on the WordPress site.
Key dates
06Disclosure timeline
February 3, 2026
CVE published
April 28, 2026
Record updated