PT-2026-3517 · WordPress · Image Photo Gallery Final Tiles Grid

Pouria Shahba · Published 2026-01-19 · Updated 2026-01-20 · CVE-2025-15466

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Image Photo Gallery Final Tiles Grid plugin for WordPress versions through 3.6.9

Description

The software is susceptible to unauthorized access and modification of data because of absent capability checks on several AJAX actions. Authenticated attackers possessing Contributor-level access or higher can view, create, modify, clone, delete, and reassign ownership of galleries, even those created by administrators. The affected AJAX actions do not properly verify user permissions before allowing operations on gallery data.

Recommendations

Update the Image Photo Gallery Final Tiles Grid plugin to a version beyond 3.6.9.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers: CVE-2025-15466

Affected Products: Image Photo Gallery Final Tiles Grid