Modula Image Gallery WordPress Plugin Authorization Bypass Vulnerability Allowing Arbitrary Post Editing

Vulnerability

A vulnerability exists in the Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress, in all versions through 2.13.6. The issue stems from the plugin's failure to properly verify user authorization for modifying specific posts via the REST API. This oversight enables authenticated attackers with contributor-level access or higher to arbitrarily update the title, excerpt, and content of posts by including post IDs in the 'modulaImages' field while editing a gallery.

Impact

Exploitation of this vulnerability allows for unauthorized modification of post titles, excerpts, and content, potentially leading to misinformation or misuse of the WordPress site’s content management.

Reproduction

To reproduce this vulnerability, an authenticated user with contributor-level access or higher can edit a gallery using the Modula Image Gallery plugin. While doing so, they can pass post IDs in the 'modulaImages' field. The absence of proper authorization checks will allow the user to update the corresponding posts' titles, excerpts, and content, regardless of whether they have permission to edit those specific posts.

Remediation

Users are advised to update the Modula Image Gallery – Photo Grid & Video Gallery plugin to version 2.13.7 or a newer patched version.
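
For developers reviewing similar code, the class of fix is a per-object capability check on every ID taken from the request. The sketch below is an added example, not the plugin's code or its actual patch: the function name, the item keys and the stand-alone stubs are assumptions, while `current_user_can( 'edit_post', $id )` and `wp_update_post()` are standard WordPress functions.

```php
<?php
// Added example, not the Modula plugin's code. The function name and the item
// keys (id, title, caption, description) are assumptions made for illustration.

// Stubs over constructed data so the file runs stand-alone; inside WordPress they
// are skipped and the real current_user_can() / wp_update_post() are used.
if ( ! function_exists( 'current_user_can' ) ) {
    $GLOBALS['demo_user']  = 7; // constructed contributor user ID
    $GLOBALS['demo_posts'] = array(
        101 => array( 'post_author' => 7, 'post_title' => 'My image' ),
        202 => array( 'post_author' => 1, 'post_title' => 'Home page' ),
    );
    function current_user_can( $cap, $post_id = 0 ) {
        // Simplified model: a user may edit only the posts they authored.
        $post = $GLOBALS['demo_posts'][ $post_id ] ?? null;
        return 'edit_post' === $cap && null !== $post && $post['post_author'] === $GLOBALS['demo_user'];
    }
    function wp_update_post( $args ) {
        $id = $args['ID'];
        $GLOBALS['demo_posts'][ $id ] = array_merge( $GLOBALS['demo_posts'][ $id ], $args );
        return $id;
    }
}

// Applies edits from a 'modulaImages'-style list only to objects the current user
// may edit, and returns the rejected IDs so the caller can log them or answer 403.
function example_apply_image_edits( array $images ) {
    $fields   = array( 'title' => 'post_title', 'caption' => 'post_excerpt', 'description' => 'post_content' );
    $rejected = array();
    foreach ( $images as $image ) {
        $id = isset( $image['id'] ) ? (int) $image['id'] : 0;
        // Object-level check: permission to edit the gallery says nothing about this ID.
        if ( $id <= 0 || ! current_user_can( 'edit_post', $id ) ) {
            $rejected[] = $id;
            continue;
        }
        $update = array( 'ID' => $id );
        foreach ( $fields as $key => $column ) {
            if ( isset( $image[ $key ] ) ) { $update[ $column ] = (string) $image[ $key ]; }
        }
        wp_update_post( $update );
    }
    return $rejected;
}

// Constructed request: post 101 belongs to the caller, post 202 does not.
if ( isset( $GLOBALS['demo_posts'] ) ) {
    var_dump( example_apply_image_edits( array(
        array( 'id' => 101, 'title' => 'Renamed' ),
        array( 'id' => 202, 'title' => 'Changed' ),
    ) ) );
}
```

Logging the rejected IDs together with the requesting user gives a detection signal for contributor accounts submitting IDs they do not own.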

Added: Feb 14, 2026, 9:29 AM
Updated: Feb 14, 2026, 9:29 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.3
remediation: 0.0
relevance: 3.0
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.