
    Path Traversal Vulnerability in Image Gallery Plugin for WordPress

    Published Date: 12/12/2025
    CVE ID: CVE-2025-13891

    Summary

    The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is affected by a path traversal vulnerability caused by insufficient validation of the directory path supplied to the modula_list_folders AJAX endpoint. Authenticated attackers with Author-level access or higher can use it to enumerate the contents of directories outside the plugin's intended scope on the server hosting WordPress.

    Vulnerability Details

    The vulnerability exists in all versions of the Image Gallery – Photo Grid & Video Gallery plugin up to, and including, 2.13.3. It stems from the modula_list_folders AJAX endpoint, which neither canonicalizes the user-supplied directory path nor confines it to a base directory. The endpoint does require Author-level access or higher, but that capability check only decides who may call it; it does not constrain which path an authenticated user may submit. An attacker with that level of access can therefore include traversal sequences such as ../ in the path parameter to step outside the intended directory and list the contents of arbitrary directories on the server. The response is a directory listing rather than file contents, but it reveals the names and layout of files that should not be visible to that user, which is useful reconnaissance for further attacks.

    Recommendations

    Site operators should update the plugin to a release newer than 2.13.3 that addresses this issue once the vendor has published one and, in the meantime, restrict Author-level and higher accounts to trusted users, since any account with that role can reach the endpoint. Plugin developers should treat every user-supplied path as untrusted: resolve it to a canonical absolute path (for example with realpath()), confirm that the resolved path lies within the single allowed base directory using a prefix comparison that includes the trailing separator (so that a sibling directory with a longer name does not pass), and reject anything else before touching the filesystem. Stripping ../ with string replacement is not sufficient on its own, because doubled or encoded sequences and symlinks can bypass it. Finally, review the capability required by the endpoint so that listing server directories demands no more access than the feature genuinely needs.
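    The following is an added illustration, not the plugin's code and not the Modula project's own fix. It reconstructs the vulnerability class described above as a hypothetical WordPress AJAX handler that lists sub-folders of a user-supplied path, and places a hardened handler beside it. The action names example_list_folders_vuln and example_list_folders, the helper example_resolve_within, the folder request parameter and the choice of the uploads directory as the allowed base are all assumptions made for the example.

```php
<?php
// Added example, not the plugin's own code. Both handlers are hypothetical
// reconstructions of the vulnerability class in the advisory: an authenticated
// AJAX endpoint that lists folders beneath a user-supplied path.

// --- Vulnerable pattern (do not use) ----------------------------------------
// The capability check decides who may call the action, but the path is joined
// onto the base directory without any confinement, so an Author can send
// folder=../../../../etc and receive a listing of /etc.
add_action( 'wp_ajax_example_list_folders_vuln', function () {
    if ( ! current_user_can( 'edit_posts' ) ) {          // Author and above
        wp_send_json_error( 'forbidden', 403 );
    }
    $base = wp_upload_dir()['basedir'];
    $sub  = isset( $_POST['folder'] ) ? wp_unslash( $_POST['folder'] ) : '';
    $dirs = glob( $base . '/' . $sub . '/*', GLOB_ONLYDIR ) ?: array();
    wp_send_json_success( array_map( 'basename', $dirs ) );
} );

// --- Hardened pattern -------------------------------------------------------
/**
 * Resolve $sub beneath $base and return the canonical directory path, or null
 * if the result is missing, is not a directory, or escapes $base (via ../,
 * an absolute path, or a symlink that points outside the tree).
 */
function example_resolve_within( string $base, string $sub ): ?string {
    $real_base = realpath( $base );
    if ( false === $real_base ) {
        return null;
    }
    // Refuse NUL bytes and absolute paths (POSIX or Windows drive form)
    // before touching the filesystem at all.
    if ( false !== strpos( $sub, "\0" ) || preg_match( '#^([a-zA-Z]:)?[\\\\/]#', $sub ) ) {
        return null;
    }
    // realpath() collapses ../ segments and follows symlinks, so the prefix
    // test below sees the directory that would actually be read.
    $candidate = realpath( $real_base . DIRECTORY_SEPARATOR . $sub );
    if ( false === $candidate || ! is_dir( $candidate ) ) {
        return null;
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as /var/www/uploads-evil is not accepted as inside /var/www/uploads.
    $prefix = rtrim( $real_base, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
    if ( $candidate !== $real_base && 0 !== strncmp( $candidate, $prefix, strlen( $prefix ) ) ) {
        return null;
    }
    return $candidate;
}

add_action( 'wp_ajax_example_list_folders', function () {
    // Nonce first: the action should not be triggerable cross-site.
    check_ajax_referer( 'example_list_folders' );
    // Require the capability the feature actually needs, not a proxy for "logged in".
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $base = wp_upload_dir()['basedir'];
    $sub  = isset( $_POST['folder'] ) ? sanitize_text_field( wp_unslash( $_POST['folder'] ) ) : '';
    $dir  = example_resolve_within( $base, $sub );
    if ( null === $dir ) {
        // Traversal attempts, absolute paths and symlink escapes all end here.
        wp_send_json_error( 'invalid folder', 400 );
    }
    $dirs = glob( $dir . '/*', GLOB_ONLYDIR ) ?: array();
    // Return names relative to the allowed base, never server-absolute paths.
    wp_send_json_success( array_map( 'basename', $dirs ) );
} );
```

    The hardened handler rejects a path as soon as its canonical form leaves the base directory, rather than trying to scrub ../ out of the input, so doubled sequences (....//), URL-encoded separators decoded upstream, and symlinks planted inside the uploads tree are all caught by the same prefix check. Because realpath() returns false for paths that do not exist, nonexistent targets are refused too, which also prevents the endpoint from being used to probe for the presence of files outside the base.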

    Available Fixes

    Last Updated: 12/13/2025
    Jedar

    Jedar for Digital Rights is a non-profit organization dedicated to protecting digital freedoms, enhancing online privacy, and promoting secure digital practices for vulnerable communities worldwide.
