Wpchill

**Name of the Vulnerable Software and Affected Versions** Modula Image Gallery plugin for WordPress versions up to and including 2.13.6 **Description** The plugin does not properly verify user authorization before allowing modifications to posts through the REST API. This allows authenticated attackers with contributor-level access or higher to update the title, excerpt, and content of any post by manipulating the `modulaImages` field with specific post IDs when editing a gallery. The vulnerability affects the updating of posts via the REST API. The API endpoint used in the attack is not explicitly mentioned. The vulnerable parameter is `modulaImages`. **Recommendations** Update the Modula Image Gallery plugin to a version later than 2.13.6.