Platform: wordpress
Component: modula-best-grid-gallery
Fixed in: 2.13.3, 2.13.4
CVE-2025-13645 describes an arbitrary file access vulnerability discovered in the Modula Image Gallery WordPress plugin. This flaw allows authenticated attackers with Author-level access or higher to delete arbitrary files on the server. The most critical impact arises from the potential to delete the wp-config.php file, which could lead to remote code execution. The vulnerability affects versions 2.13.1 through 2.13.2, and a fix is available in version 2.13.3.
The primary impact of CVE-2025-13645 is the ability for an authenticated attacker to delete files on the server. While seemingly limited to file deletion, the vulnerability's severity stems from the potential to delete critical WordPress configuration files, most notably wp-config.php. Deletion of wp-config.php effectively disables the WordPress site, and in some scenarios, an attacker could potentially replace it with a malicious configuration, leading to remote code execution. This could allow an attacker to gain complete control over the web server and its data. The ease of exploitation, requiring only Author-level access, further amplifies the risk.
CVE-2025-13645 was publicly disclosed on December 2, 2025. There is currently no indication of active exploitation in the wild, nor are there any publicly available proof-of-concept exploits. The vulnerability has not been added to the CISA KEV catalog at the time of this writing. Given the relatively simple nature of the exploit and the plugin's popularity, it is likely that a proof-of-concept will emerge in the near future.
Exploit Status
EPSS: 1.19% (79th percentile)
The primary mitigation for CVE-2025-13645 is to immediately upgrade the Modula Image Gallery plugin to version 2.13.3 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider restricting file upload permissions for users with Author-level access or higher. Implement a Web Application Firewall (WAF) rule to block requests to the ajaxunzipfile endpoint with suspicious parameters. Regularly review file system permissions and ensure that the WordPress installation directory is not writable by the web server user. After upgrading, confirm the fix by attempting to access the ajaxunzipfile endpoint with a crafted request designed to trigger the vulnerability; it should now be properly validated.
Update to version 2.13.3, or a newer patched version
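As an added example (not code from this advisory or from the Modula plugin), the following POSIX shell check reads the plugin's standard `Version:` header from the default plugin directory and reports whether the installed build falls in the affected 2.13.1 to 2.13.2 range, which is the first thing to verify before and after the upgrade above. It assumes the default WordPress layout `<wp-root>/wp-content/plugins/modula-best-grid-gallery/` and that the plugin's main PHP file carries the usual header block.

```shell
#!/bin/sh
# Added example, not code from the advisory or the Modula plugin.
# Assumes the default WordPress layout: <wp-root>/wp-content/plugins/<slug>/
# and that the plugin's main PHP file carries the standard "Version:" header.

# Print the installed plugin version, or return 1 if the plugin directory is absent.
modula_version() {
    dir="$1/wp-content/plugins/modula-best-grid-gallery"
    [ -d "$dir" ] || return 1
    grep -h -m1 -E '^[[:space:]]*\*?[[:space:]]*Version:' "$dir"/*.php 2>/dev/null \
        | head -n 1 \
        | sed -E 's/.*Version:[[:space:]]*//; s/[[:space:]]*$//'
}

# Return 0 when version $1 lies in the affected range 2.13.1 .. 2.13.2 (inclusive).
# sort -V gives proper version ordering, so 2.13.10 is not mistaken for 2.13.1x.
is_affected() {
    v="$1"
    [ -n "$v" ] || return 1
    lo=$(printf '%s\n' 2.13.1 "$v" | sort -V | head -n 1)
    hi=$(printf '%s\n' 2.13.2 "$v" | sort -V | tail -n 1)
    [ "$lo" = 2.13.1 ] && [ "$hi" = 2.13.2 ]
}

# One-line verdict for a WordPress root: not-installed, unknown, affected, or not-affected.
modula_check() {
    ver=$(modula_version "$1") || { echo "not-installed"; return 0; }
    if [ -z "$ver" ]; then
        echo "unknown: no Version header found"
    elif is_affected "$ver"; then
        echo "affected ($ver): update to 2.13.3 or later"
    else
        echo "not-affected ($ver)"
    fi
}

# Usage: modula_check /var/www/html
```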
CVE-2025-13645 is a HIGH severity vulnerability allowing authenticated attackers to delete files on a WordPress server, potentially leading to remote code execution.
You are affected if you are using Modula Image Gallery versions 2.13.1 or 2.13.2. Upgrade to 2.13.3 or later to mitigate the risk.
Upgrade the Modula Image Gallery plugin to version 2.13.3 or later. Consider restricting file upload permissions as a temporary workaround.
There is currently no evidence of active exploitation in the wild, but a proof-of-concept is likely to emerge.
Refer to the Modula Image Gallery website and WordPress plugin repository for the official advisory and update information.