Platform
wordpress
Component
modula-best-grid-gallery
Fixed in
2.13.3
2.13.4
CVE-2025-13645 describes an arbitrary file access vulnerability discovered in the Modula Image Gallery WordPress plugin. This flaw allows authenticated attackers with Author-level access or higher to delete arbitrary files on the server. The most critical impact arises from the potential to delete the wp-config.php file, which could lead to remote code execution. The vulnerability affects versions 2.13.1 through 2.13.2, and a fix is available in version 2.13.3.
The primary impact of CVE-2025-13645 is the ability for an authenticated attacker to delete files on the server. While seemingly limited to file deletion, the vulnerability's severity stems from the potential to delete critical WordPress configuration files, most notably wp-config.php. Deletion of wp-config.php effectively disables the WordPress site, and in some scenarios, an attacker could potentially replace it with a malicious configuration, leading to remote code execution. This could allow an attacker to gain complete control over the web server and its data. The ease of exploitation, requiring only Author-level access, further amplifies the risk.
CVE-2025-13645 was publicly disclosed on December 2, 2025. There is currently no indication of active exploitation in the wild, nor are there any publicly available proof-of-concept exploits. The vulnerability has not been added to the CISA KEV catalog at the time of this writing. Given the relatively simple nature of the exploit and the plugin's popularity, it is likely that a proof-of-concept will emerge in the near future.
Websites using the Modula Image Gallery plugin, particularly those with multiple users having Author or higher roles, are at risk. Shared hosting environments where users have limited control over file permissions are also at increased risk, as are WordPress installations with outdated security practices and inadequate access controls.
• wordpress / composer / npm:
  grep -r "ajax_unzip_file" /var/www/html/wp-content/plugins/modula-image-gallery/
• wordpress / composer / npm:
  wp plugin list --status=active | grep modula-image-gallery
• wordpress / composer / npm:
  curl -I http://your-wordpress-site.com/wp-admin/admin-ajax.php?action=modula_ajax_unzip_file&file=../../../../wp-config.php
Disclosure
Exploit status
EPSS
1.19% (79th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-13645 is to immediately upgrade the Modula Image Gallery plugin to version 2.13.3 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider restricting file upload permissions for users with Author-level access or higher. Implement a Web Application Firewall (WAF) rule to block requests to the `ajax_unzip_file` endpoint with suspicious parameters. Regularly review file system permissions and ensure that the WordPress installation directory is not writable by the web server user. After upgrading, confirm the fix by attempting to access the `ajax_unzip_file` endpoint with a crafted request designed to trigger the vulnerability; it should now be properly validated.
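The WAF rule and the "properly validated" check above can be made concrete. The following is an added example written for this page, not code from the Modula plugin or its authors: it scans web-server access-log lines for requests to `admin-ajax.php` whose `action` is `modula_ajax_unzip_file` and whose `file` parameter contains path traversal, and it shows the generic base-directory containment check that a fix for this bug class applies. The action and parameter names are taken from the check commands on this page; that the plugin reads exactly these names is an assumption, as is the uploads directory used as the base. The log lines are constructed sample data.

```python
import re
import posixpath
from urllib.parse import urlsplit, parse_qs, unquote

# Names taken from this page's check commands; exact plugin request shape is an assumption.
ACTION = "modula_ajax_unzip_file"
PARAM = "file"

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [02/Dec/2025:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=modula_ajax_unzip_file&file=../../../../wp-config.php HTTP/1.1" 200 12 "-" "curl/8.0"
203.0.113.11 - - [02/Dec/2025:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=modula_ajax_unzip_file&file=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"
203.0.113.12 - - [02/Dec/2025:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=modula_ajax_unzip_file&file=gallery-2025.zip HTTP/1.1" 200 12 "-" "Mozilla/5.0"
203.0.113.13 - - [02/Dec/2025:10:00:04 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 12 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_traversal(value: str) -> bool:
    """True if a user-supplied path component tries to leave its base directory."""
    decoded = value
    for _ in range(2):              # catch double-encoded payloads such as %252e%252e
        decoded = unquote(decoded)
    decoded = decoded.replace("\\", "/")
    if "\x00" in decoded or decoded.startswith("/"):
        return True
    return any(segment == ".." for segment in decoded.split("/"))


def suspicious_requests(log_text: str) -> list:
    """Return requests to the unzip action whose file parameter contains traversal."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        query = parse_qs(url.query, keep_blank_values=True)  # decodes percent-encoding once
        if query.get("action", [""])[0] != ACTION:
            continue
        for value in query.get(PARAM, []):
            if is_traversal(value):
                hits.append({"ip": m.group("ip"), "ts": m.group("ts"), "file": value})
    return hits


def resolve_within(base_dir: str, user_path: str):
    """Containment check a fixed handler should apply before touching a file.

    Returns the normalized absolute path if it stays inside base_dir, else None.
    Generic validation for this bug class, not the plugin's actual patch.
    """
    base = base_dir.rstrip("/")
    candidate = posixpath.normpath(posixpath.join(base, user_path.replace("\\", "/")))
    if candidate == base or candidate.startswith(base + "/"):
        return candidate
    return None


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT {hit['ts']} {hit['ip']} file={hit['file']!r}")
    uploads = "/var/www/html/wp-content/uploads"  # assumed base directory
    print(resolve_within(uploads, "gallery-2025.zip"))
    print(resolve_within(uploads, "../../../../wp-config.php"))
```

Run it against a real access log by replacing `SAMPLE_LOG` with the file contents; the same predicate in `is_traversal` is what a WAF rule on this endpoint should encode, and `resolve_within` is the property to verify when re-testing the endpoint after upgrading.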
Update to version 2.13.3 or a later patched version
CVE-2025-13645 is a HIGH severity vulnerability allowing authenticated attackers to delete files on a WordPress server, potentially leading to remote code execution.
You are affected if you are using Modula Image Gallery versions 2.13.1 or 2.13.2. Upgrade to 2.13.3 or later to mitigate the risk.
Upgrade the Modula Image Gallery plugin to version 2.13.3 or later. Consider restricting file upload permissions as a temporary workaround.
There is currently no evidence of active exploitation in the wild, but a proof-of-concept is likely to emerge.
Refer to the Modula Image Gallery website and WordPress plugin repository for the official advisory and update information.