cleantalk
Vulnerabilities and Security Researches

Image Photo Gallery Final Tiles Grid, CVE-2025-13693

CVE, Research URL

CVE-2025-13693

Home page URL

Security reports for Image Photo Gallery Final Tiles Grid

Application

Image Photo Gallery Final Tiles Grid

Published on
Dec 21, 2025
Research Description
The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom scripts' setting in all versions up to, and including, 3.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 3.6.9.
Status
vulnerable
Previous vulnerability researches
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress , Dec 23, 2024
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress (CVE-2025-8878) , Aug 16, 2025
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress (CVE-2024-10518) , Dec 12, 2024
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress (CVE-2023-50882) , Dec 12, 2024
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress (CVE-2021-24522) , Jun 06, 2024
New vulnerability
WING WordPress Migrator (CVE-2025-52835) , Jan 10, 2026
WP Webhooks – Automate repetitive tasks by creating powerful automation workflows directly within WordPress (CVE-2025-66074) , Jan 10, 2026
1180px Shortcodes (CVE-2025-14114) , Jan 10, 2026
Listdom – Business Directory and Classified Ads Listings WordPress Plugin (CVE-2025-67560) , Jan 10, 2026
Simple CSV Table (CVE-2025-12960) , Jan 10, 2026