cleantalk
Vulnerabilities and Security Researches

Image Photo Gallery Final Tiles Grid, CVE-2025-14455

CVE, Research URL

CVE-2025-14455

Home page URL

Security reports for Image Photo Gallery Final Tiles Grid

Application

Image Photo Gallery Final Tiles Grid

Published on
Dec 19, 2025
Research Description
The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete, modify, or clone galleries created by any user, including administrators.
Affected versions
max 3.6.8.
Status
vulnerable
Previous vulnerability researches
GNA Search Shortcode (CVE-2025-46540) , Apr 26, 2025
New vulnerability
WING WordPress Migrator (CVE-2025-52835) , Jan 10, 2026
WP Webhooks – Automate repetitive tasks by creating powerful automation workflows directly within WordPress (CVE-2025-66074) , Jan 10, 2026
1180px Shortcodes (CVE-2025-14114) , Jan 10, 2026
Listdom – Business Directory and Classified Ads Listings WordPress Plugin (CVE-2025-67560) , Jan 10, 2026
Simple CSV Table (CVE-2025-12960) , Jan 10, 2026