cleantalk
Vulnerabilities and Security Researches

Image Photo Gallery Final Tiles Grid, CVE-2025-15466

CVE, Research URL

CVE-2025-15466

Home page URL

Security reports for Image Photo Gallery Final Tiles Grid

Application

Image Photo Gallery Final Tiles Grid

Published on
Jan 20, 2026
Research Description
The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple AJAX actions in all versions up to, and including, 3.6.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to view, create, modify, clone, delete, and reassign ownership of galleries created by other users, including administrators.
Affected versions
max 3.6.10.
Status
vulnerable
Previous vulnerability researches
Image Photo Gallery Final Tiles Grid (CVE-2024-3710) , Jul 10, 2024
Image Photo Gallery Final Tiles Grid (CVE-2025-14455) , Jan 10, 2026
Image Photo Gallery Final Tiles Grid (CVE-2025-13693) , Jan 10, 2026
Image Photo Gallery Final Tiles Grid (CVE-2024-6261) , Feb 28, 2025
Image Photo Gallery Final Tiles Grid (CVE-2020-14962) , Jun 07, 2024
New vulnerability
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2026-25418) , Feb 28, 2026
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026