CVE-2025-12377

Name of the Vulnerable Software and Affected Versions Envira Photo Gallery versions up to and including 1.12.0

Description The Envira Photo Gallery plugin for WordPress is susceptible to unauthorized data modification because of a missing capability check in several functions. Authenticated attackers with Author-level access or higher can perform actions like removing images from galleries. The issue was partially addressed in version 1.12.0.

Recommendations Versions prior to 1.12.0 should be updated.