PT-2026-3517 · WordPress · Image Photo Gallery Final Tiles Grid

Pouria Shahba · Published 2026-01-19 · Updated 2026-01-20 · CVE-2025-15466

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Image Photo Gallery Final Tiles Grid plugin for WordPress versions through 3.6.9

Description

The software is susceptible to unauthorized access and modification of data because of absent capability checks on several AJAX actions. Authenticated attackers possessing Contributor-level access or higher can view, create, modify, clone, delete, and reassign ownership of galleries, even those created by administrators. The affected AJAX actions do not properly verify user permissions before allowing operations on gallery data.

Recommendations

Update the Image Photo Gallery Final Tiles Grid plugin to a version beyond 3.6.9.
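
The server-side checks whose absence the description reports, sketched as an added example that is not the plugin's own code. The action name `example_gallery_delete`, the nonce action, the table `example_galleries` and its `owner_id` column are hypothetical, and the capabilities used are an assumption about the intended policy.

```php
<?php
// Added illustration, not the plugin's code. The action name, nonce action,
// table name and owner_id column are hypothetical; the capabilities chosen
// are an assumption about the intended policy.

// wp_ajax_{action} hooks run for every logged-in user, Contributors included,
// so the handler itself has to decide who may act on which gallery.
add_action( 'wp_ajax_example_gallery_delete', 'example_gallery_delete' );

function example_gallery_delete() {
	global $wpdb;

	// 1. Request integrity: stops with a 403 when the nonce is missing or invalid.
	check_ajax_referer( 'example_gallery_delete', 'nonce' );

	// 2. Function-level check: may this user manage galleries at all?
	if ( ! current_user_can( 'edit_posts' ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
	}

	$gallery_id = isset( $_POST['gallery_id'] ) ? absint( $_POST['gallery_id'] ) : 0;
	$table      = $wpdb->prefix . 'example_galleries';
	$gallery    = $wpdb->get_row(
		$wpdb->prepare( "SELECT id, owner_id FROM {$table} WHERE id = %d", $gallery_id )
	);
	if ( null === $gallery ) {
		wp_send_json_error( array( 'message' => 'Gallery not found' ), 404 );
	}

	// 3. Object-level check: only the owner, or a user allowed to edit other
	// users' content, may touch this gallery. Without this step a Contributor
	// could act on a gallery created by an administrator.
	$is_owner = ( (int) $gallery->owner_id === get_current_user_id() );
	if ( ! $is_owner && ! current_user_can( 'edit_others_posts' ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
	}

	$wpdb->delete( $table, array( 'id' => $gallery_id ), array( '%d' ) );
	wp_send_json_success( array( 'deleted' => $gallery_id ) );
}
```

The same three checks apply to each operation the description lists: view, create, modify, clone, delete, and reassign ownership.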

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-15466

Affected Products

Image Photo Gallery Final Tiles Grid