CVE-2025-14455

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This makes it possible fo...

PT-2025-52438

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This makes it possible fo...

CVE-2025-11448

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/envira-convert/v1/bulk-convert' REST API endpoint in all versions up to, and including, 1.11.0. This makes it possible for...

CVE-2024-8437

The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpegsettings and wpegaddgallery in all versions up to, and including, 4.8.5. This makes it possible for authenticate...

PT-2024-39013 · WordPress · Wp Easy Gallery

Name of the Vulnerable Software and Affected Versions: The WP Easy Gallery – WordPress Gallery Plugin versions up to, and including, 4.8.5 Description: The issue is related to unauthorized access due to a missing capability check on several functions hooked via AJAX, such as wpeg settings and wpe...

PT-2024-15072 · WordPress · Envira Photo Gallery

Name of the Vulnerable Software and Affected Versions: Envira Photo Gallery plugin for WordPress versions up to, and including, 1.8.7.1 Description: The issue allows authenticated attackers with contributor access and above to modify galleries on other users' posts due to an improper capability...