CVE-2025-14170

Name of the Vulnerable Software and Affected Versions Vimeo SimpleGallery versions up to and including 0.2

Description The Vimeo SimpleGallery plugin for WordPress is susceptible to a missing authorization issue. This stems from a lack of proper authorization checks within the vimeogallery admin function, which is connected to the admin menu action. Authenticated attackers possessing Subscriber-level access or higher can potentially modify arbitrary plugin settings through the action parameter.

Recommendations Update Vimeo SimpleGallery to a version newer than 0.2.