cleantalk
Vulnerabilities and Security Researches

Gallery Plugin for WordPress – Envira Photo Gallery, CVE-2025-12377

CVE, Research URL

CVE-2025-12377

Home page URL

Security reports for Gallery Plugin for WordPress – Envira Photo Gallery

Application

Gallery Plugin for WordPress – Envira Photo Gallery

Published on
Nov 13, 2025
Research Description
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.12.0. This makes it possible for authenticated attackers, with Author-level access and above, to perform multiple actions, such as removing images from arbitrary galleries. The vulnerability was partially patched in version 1.12.0.
Affected versions
max 1.12.1.
Status
vulnerable
Previous vulnerability researches
YITH PayPal Express Checkout for WooCommerce (CVE-2019-16251) , Jun 07, 2024
YITH PayPal Express Checkout for WooCommerce (CVE-2025-48111) , Jun 18, 2025
New vulnerability
Nelio Popups (CVE-2025-66111) , Dec 11, 2025
Vitepos – Point of sale (POS) plugin for WooCommerce (CVE-2025-13156) , Dec 11, 2025
SNORDIAN's H5PxAPIkatchu (CVE-2025-12904) , Dec 11, 2025
Share to Google Classroom (CVE-2025-12711) , Dec 11, 2025
Flickr Show (CVE-2025-12672) , Dec 11, 2025