PatchSiren cyber security CVE debrief

CVE-2026-39481 WP Chill CVE debrief

CVE-2026-39481 is a HIGH-severity vulnerability in Modula Image Gallery plugin versions up to 2.14.18. The issue is an Author PHP Object Injection vulnerability. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.2.

Vendor: WP Chill
Product: Modula Image Gallery
CVSS: HIGH 7.2
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-15
Original CVE updated: 2026-06-15
Advisory published: 2026-06-15
Advisory updated: 2026-06-15

Who should care

Users of Modula Image Gallery plugin versions up to 2.14.18 should apply patches or mitigations as available.

Technical summary

The vulnerability is an Author PHP Object Injection issue in Modula Image Gallery plugin versions up to 2.14.18. It has been assigned a CVSS score of 7.2 and a CVSS severity of HIGH. The vulnerability's CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Defensive priority

HIGH

Recommended defensive actions

Apply patches or updates for Modula Image Gallery plugin to version 2.14.18 or later.
Refer to [ref-4](https://patchstack.com/database/wordpress/plugin/modula-best-grid-gallery/vulnerability/wordpress-modula-image-gallery-plugin-2-14-18-php-object-injection-vulnerability?_s_id=cve) for mitigation or patch
Review [CVE-2026-39481 CVE record](https://www.cve.org/CVERecord?id=CVE-2026-39481) for official details
Check [CVE-2026-39481 NVD detail](https://nvd.nist.gov/vuln/detail/CVE-2026-39481) for additional information

Evidence notes

Vendor and product information inferred from available data. The CVE was published on 2026-06-15T21:16:44.467Z and last modified on 2026-06-15T21:24:32.790Z.

Official resources

CVE-2026-39481 CVE record
CVE.org
CVE-2026-39481 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected]

CVE-2026-39481 was published on 2026-06-15T21:16:44.467Z and last modified on 2026-06-15T21:24:32.790Z.