WordPress Plugin Vulnerabilities

Modula < 2.6.91 - Unauthenticated Troubleshooting Settings Update

Description

The plugin does not have authorisation and CSRF checks when updating its troubleshooting settings, which could allow any unauthenticated user to update them

Affects Plugins

Plugin icon
modula-best-grid-gallery
Fixed in 2.6.91

References

CVE
CVE-2022-41135

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Tien Nguyen Anh
Verified
No
WPVDB ID
c61800aa-ae56-46f3-b75c-22e49ff3947e

Timeline

Publicly Published
2022-10-28 (about 3 years ago)
Added
2022-11-20 (about 3 years ago)
Last Updated
2022-11-20 (about 3 years ago)

Other

Published
Title
Published
2023-11-27
Title
Participants Database < 2.5.6 - Missing Authorization
Published
2025-03-28
Title
Checkout Mestres do WP for WooCommerce 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update
Published
2024-03-28
Title
Finale Lite < 2.18.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation
Published
2025-11-04
Title
CoSchedule < 3.4.1 - Missing Authorization
Published
2025-04-01
Title
OpenAI Tools for WordPress & WooCommerce <= 2.1.5 - Missing Authorization