PT-2025-52438 · WordPress · Image Photo Gallery Final Tiles Grid

Jonghwan Shin

Published

2025-12-19

Updated

2025-12-19

CVE-2025-14455

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions Image Photo Gallery Final Tiles Grid plugin for WordPress versions up to and including 3.6.7

Description The Image Photo Gallery Final Tiles Grid plugin for WordPress does not properly verify user authorization for gallery management functions. This allows authenticated attackers with Contributor-level access or higher to delete, modify, or clone galleries created by any user, including administrators.

Recommendations Update the Image Photo Gallery Final Tiles Grid plugin to a version later than 3.6.7.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2025-14455

Affected Products

Image Photo Gallery Final Tiles Grid

PT-2025-52438 · WordPress · Image Photo Gallery Final Tiles Grid

CVE-2025-14455

Weakness Enumeration

Related Identifiers

Affected Products

References · 10