Missing Authorization Flaw in Image Photo Gallery Plugin by WordPress
CVE-2026-25375

Currently unrated

Key Information:

Vendor

WordPress
Status
Image Photo Gallery Final Tiles Grid
Vendor
CVE Published:
19 February 2026

What is CVE-2026-25375?

A missing authorization flaw in the WP Chill Image Photo Gallery Final Tiles Grid plugin enables attackers to exploit incorrectly configured access control security levels. This vulnerability affects versions up to 3.6.10, allowing unauthorized users to access sensitive features and potentially sensitive information. Proper access controls should be implemented to ensure that only authorized users can perform actions on the gallery.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Image Photo Gallery Final Tiles Grid <= n/a

References

https://patchstack.com/database/Wordpress/Plugin/final-ti...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nabil Irawan | Patchstack Bug Bounty Program
JSON
.