WordPress · Modula Image Gallery · CVE-2025-13646
**Name of the Vulnerable Software and Affected Versions**
Modula Image Gallery plugin for WordPress versions 2.13.1 through 2.13.2
**Description**
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads because the `ajax unzip file` function does not validate file types. Authenticated attackers with Author-level access or higher can upload arbitrary files, potentially leading to remote code execution due to a race condition on the server.
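The kind of check whose absence is described above, as an added example that is not part of the original advisory and is not the plugin's code or its patch: each ZIP entry is tested against an extension allowlist and its detected content type before anything is written to disk. The function name, allowlist and size limit are assumptions, and the archive is constructed sample data.

```php
<?php
// Added example, not the Modula plugin's code. The function name, allowlist
// and size limit are assumptions chosen for illustration.
const ALLOWED_TYPES = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                       'png' => 'image/png',  'gif'  => 'image/gif'];
const MAX_ENTRY_BYTES = 10 * 1024 * 1024;

function extract_images_only(string $zipPath, string $destDir): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException('not a readable ZIP archive');
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $accepted = $rejected = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $stat = $zip->statIndex($i);
        $name = $stat['name'];
        if (substr($name, -1) === '/') { continue; } // directory entry
        $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        // Read into memory only if the extension is allowlisted and the
        // declared size is within the limit.
        $data = (isset(ALLOWED_TYPES[$ext]) && $stat['size'] <= MAX_ENTRY_BYTES)
            ? $zip->getFromIndex($i) : false;
        // The detected content type must match what the extension claims.
        if ($data === false || $finfo->buffer($data) !== ALLOWED_TYPES[$ext]) {
            $rejected[] = $name;
            continue;
        }
        // Nothing is written until both checks pass, and the on-disk name is
        // generated here, so paths stored in the archive are never used.
        $target = $destDir . '/' . bin2hex(random_bytes(8)) . '.' . $ext;
        file_put_contents($target, $data);
        $accepted[$name] = $target;
    }
    $zip->close();
    return [$accepted, $rejected];
}

// Constructed sample archive: one GIF, one .php file, one PHP file named .gif.
$zipPath = sys_get_temp_dir() . '/sample-' . bin2hex(random_bytes(4)) . '.zip';
$z = new ZipArchive();
$z->open($zipPath, ZipArchive::CREATE);
$z->addFromString('gallery/ok.gif', "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
$z->addFromString('gallery/script.php', '<?php echo 1; ?>');
$z->addFromString('gallery/script.gif', '<?php echo 1; ?>');
$z->close();
mkdir($dest = sys_get_temp_dir() . '/dest-' . bin2hex(random_bytes(4)));
[$ok, $bad] = extract_images_only($zipPath, $dest);
print_r(['accepted' => array_keys($ok), 'rejected' => $bad]);
```

Because rejected entries are never written, there is no window in which a disallowed file exists under the destination directory waiting for cleanup.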
**Recommendations**
Update the Modula Image Gallery plugin to a version newer than 2.13.2.