CVE-2026-24939
WordPress Modula Image Gallery plugin <= 2.13.6 - Broken Access Control vulnerabilityMissing Authorization vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modula Image Gallery: from n/a through <= 2.13.6.
We have discovered 10,273 live websites that are affected by CVE-2026-24939.
Affected Software
| Product |  Modula Best Grid Gallery |
| Category | Wordpress Plugins |
| Vulnerable Domains | 10,273 live websites (100% of Modula Best Grid Gallery install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 126 versions ( 100% of all versions) |
Details
- Published - Feb 3, 2026
- Updated - Feb 3, 2026
Credits
- Que Thanh Tuan | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2026-24939 United States | 2,453 websites |
 Germany | 1,521 websites |
 France | 787 websites |
 GB | 572 websites |
 Italy | 540 websites |
 Poland | 442 websites |
 Netherlands | 349 websites |
 Spain | 339 websites |
 Switzerland | 265 websites |
 Canada | 204 websites |
Website Distribution by TLD
Number of websites using CVE-2026-24939| .com | 4,092 websites |
| .de | 994 websites |
| .co.uk | 393 websites |
| .it | 358 websites |
| .org | 358 websites |
| .pl | 340 websites |
| .fr | 339 websites |
| .nl | 316 websites |
| .ch | 207 websites |
| .net | 176 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2026-24939
Top websites that are affected by CVE-2026-24939. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ************.com | United States | **,*** | |
| ***********.org | United States | **,*** | |
| ************.com |  Cyprus | ***,*** | |
| **********.**.**.uk | GB | ***,*** | |
| *************.***.uk | GB | ***,*** | |
| *******************.com |  Belgium | ***,*** | |
| ************.de | Germany | ***,*** | |
| ******.com | United States | ***,*** | |
| *************.com | France | ***,*** | |
| **************.de | Germany | ***,*** |
FAQ
A total of 10,273 websites have been identified as vulnerable to CVE-2026-24939, based on global website indexing conducted by WebTechSurvey.
The Modula Best Grid Gallery is affected by the CVE-2026-24939 vulnerability.
Modula Best Grid Gallery versions up to and including 2.13.6 are vulnerable to CVE-2026-24939.