CVE-2024-12853
Modula Image Gallery <= 2.11.10 - Authenticated (Author+) Arbitrary File UploadThe Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
We have discovered 6,411 live websites that are affected by CVE-2024-12853.
Affected Software
| Product |  Modula Best Grid Gallery |
| Category | Wordpress Plugins |
| Vulnerable Domains | 6,411 live websites (62.22% of Modula Best Grid Gallery install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 101 versions ( 93.52% of all versions) |
Common Weakness Enumeration
CWE-434 Unrestricted Upload of File with Dangerous TypeDetails
- Published - Jan 8, 2025
- Updated - Jan 8, 2025
Credits
- SavPhill (finder)
CWE
CVE References
CWE References
CVE-2024-12853 usage by Country
 United States | 1,723 websites |
 Germany | 945 websites |
 France | 499 websites |
 Poland | 335 websites |
 GB | 287 websites |
 Spain | 217 websites |
 Italy | 204 websites |
 Netherlands | 202 websites |
 Switzerland | 130 websites |
 Russia | 113 websites |
CVE-2024-12853 usage by TLD
| .com | 2,485 websites |
| .de | 519 websites |
| .pl | 274 websites |
| .co.uk | 231 websites |
| .org | 187 websites |
| .nl | 187 websites |
| .fr | 178 websites |
| .it | 156 websites |
| .es | 123 websites |
| .net | 112 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-12853
Top websites that are affected by CVE-2024-12853. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *************.***.uk | GB | ***,*** | |
| *******************.com |  Singapore | ***,*** | |
| ************.de | Germany | ***,*** | |
| ******.com | United States | ***,*** | |
| *****.**.tz | GB | ***,*** | |
| **********.com | United States | ***,*** | |
| ******.pl | Poland | ***,*** | |
| *****************.com | United States | ***,*** | |
| **********.com | Germany | ***,*** | |
| ***********************.**.uk | GB | ***,*** |
FAQ
CVE-2024-12853 is Unrestricted Upload of File with Dangerous Type in Modula Best Grid Gallery
A total of 6,411 websites have been identified as vulnerable to CVE-2024-12853, discovered through global website indexing conducted by WebTechSurvey.
Modula Best Grid Gallery is susceptible to CVE-2024-12853 vulnerability.
Modula Best Grid Gallery versions before, and including, 2.11.10 are vulnerable to CVE-2024-12853.