Headline
CVE-2022-41135: WordPress Modula plugin <= 2.6.9 - Unauth. Plugin Settings Change vulnerability - Patchstack
Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress.
Verified
Fixed
6.5
CVSS 3.1 score Medium severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 2.6.9
PSID
cec85aa7ac53
Classification
Other Vulnerability Type
OWASP Top 10
A5: Broken Access Control
Required privilege
Can be exploited remotely without any authentication.
Publicly disclosed
2022-10-28
Details
Unauth. Plugin Settings Change vulnerability discovered by Nguyen Anh Tien (Patchstack Alliance) in the WordPress Modula plugin (versions <= 2.6.9).
Solution
Update the WordPress Modula Image Gallery plugin to the latest available version (at least 2.6.91).
References