Authorization Bypass in Image Photo Gallery Final Tiles Grid Plugin for WordPress
CVE-2025-14455

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Image Photo Gallery Final Tiles Grid
Vendor: CVE Published:; 19 December 2025

What is CVE-2025-14455?

The Image Photo Gallery Final Tiles Grid plugin for WordPress has an authorization bypass flaw present in all versions up to 3.6.7. This vulnerability arises from the plugin's failure to adequately verify user permissions before allowing access to gallery management functions. As a result, authenticated attackers with Contributor-level access or higher can exploit this weakness to delete, modify, or clone galleries created by any user, including those with administrative privileges. This lack of proper authorization checks poses serious risks to the integrity and security of user-generated content.

Affected Version(s)

Image Photo Gallery Final Tiles Grid * <= 3.6.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/final-tiles-gr...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2025
Vulnerability Reserved
Dec 10, 2025

Credit

JongHwan Shin

JSON