PHP Object Injection Vulnerability in Modula Image Gallery Plugin
CVE-2026-39481

7.2HIGH

Key Information:

Vendor: WordPress
Status: Modula Image Gallery
Vendor: CVE Published:; 15 June 2026

What is CVE-2026-39481?

The Modula Image Gallery plugin for WordPress, versions up to and including 2.14.18, is vulnerable to PHP Object Injection. This vulnerability can be exploited by attackers to execute arbitrary PHP code or manipulate application behavior, potentially compromising the security of the affected WordPress sites. It highlights the importance of maintaining updated plugins and rigorous security practices to mitigate such risks.

Affected Version(s)

Modula Image Gallery <= 2.14.18

References

https://patchstack.com/database/wordpress/plugin/modula-b...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
Apr 7, 2026

Credit

daroo | Patchstack Bug Bounty Program

CVE-2026-39481 Data

JSON