cleantalk
Vulnerabilities and Security Researches

Image Photo Gallery Final Tiles Grid, CVE-2020-14962

CVE, Research URL

CVE-2020-14962

Home page URL

Security reports for Image Photo Gallery Final Tiles Grid

Application

Image Photo Gallery Final Tiles Grid

Published on
Jun 22, 2020
Research Description
Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php.
Affected versions
max 3.3.57.
Status
vulnerable
Previous vulnerability researches
Image Photo Gallery Final Tiles Grid (CVE-2024-3710) , Jul 10, 2024
Image Photo Gallery Final Tiles Grid (CVE-2025-14455) , Jan 10, 2026
Image Photo Gallery Final Tiles Grid (CVE-2025-13693) , Jan 10, 2026
Image Photo Gallery Final Tiles Grid (CVE-2024-6261) , Feb 28, 2025
Image Photo Gallery Final Tiles Grid (CVE-2020-14962) , Jun 07, 2024
New vulnerability
Pure WC Variation Swatches (CVE-2025-12820) , Jan 11, 2026
WP Scraper (CVE-2025-62088) , Jan 11, 2026
Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger Live Chat Support Chat Button – Bit As (CVE-2025-68596) , Jan 11, 2026
Free Follow-Up Emails & Marketing Automation for WooCommerce – ShopMagic (CVE-2025-69093) , Jan 11, 2026
SALESmanago (CVE-2025-68571) , Jan 11, 2026