Update the WordPress Modula Image Gallery plugin to the latest available version (at least 2.6.91).
Tien Nguyen Anh discovered and reported this Broken Access Control vulnerability in WordPress Modula Image Gallery Plugin. This vulnerability has been fixed in version 2.6.91.
Reflected CrossSite Scripting (XSS) vulnerability
Authenticated Stored CrossSite Scripting (XSS) vulnerability