CVE-2025-12377
Description
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.12.0. This makes it possible for authenticated attackers, with Author-level access and above, to perform multiple actions, such as removing images from arbitrary galleries. The vulnerability was partially patched in version 1.12.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Envira Photo Gallery plugin for WordPress (<=1.12.0) lacks capability checks on AJAX functions, allowing authenticated Authors to remove images from any gallery, compromising content integrity.
Root Cause
The vulnerable code is the AJAX handler envira_gallery_remove_image(), which gates access on the broad edit_posts capability rather than checking that the current user is allowed to edit the specific gallery named in the request. Because every Author holds edit_posts, any Author can invoke the handler against galleries they do not own [1]. The description above notes that several functions in the plugin's AJAX layer share this missing object-level check.
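To make the root cause concrete, here is an added illustration in generic WordPress plugin idiom. It is not Envira's code and does not reproduce the plugin's actual handler; the action names, request parameters (gallery_id, image_id), the demo_gallery post type, the meta key and the nonce action are all assumptions made for the example. The first handler repeats the class of bug described above (a role-level capability check only); the second adds the nonce and per-object authorization that close it.

```php
<?php
/**
 * Added illustration (not Envira's code): a WordPress admin-ajax.php handler
 * that removes one image from a gallery, written twice. The first version
 * repeats the class of bug described above; the second adds the checks that
 * close it. Action names, request parameters (gallery_id, image_id), the
 * 'demo_gallery' post type, the meta key and the nonce action are assumptions.
 */

// ---- Vulnerable pattern: role-level capability only --------------------
// edit_posts is granted to every Author, so this gate accepts any Author
// for ANY gallery id the client chooses. There is also no nonce check.
function demo_remove_image_vulnerable() {
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $gallery_id = absint( $_POST['gallery_id'] ?? 0 );
    $image_id   = absint( $_POST['image_id'] ?? 0 );

    $images = array_map( 'absint', (array) get_post_meta( $gallery_id, '_demo_gallery_images', true ) );
    $images = array_values( array_diff( $images, array( $image_id ) ) );
    update_post_meta( $gallery_id, '_demo_gallery_images', $images );

    wp_send_json_success( array( 'remaining' => count( $images ) ) );
}
add_action( 'wp_ajax_demo_remove_image_vulnerable', 'demo_remove_image_vulnerable' );

// ---- Hardened pattern: nonce + object-level authorization ----------------
// One gate shared by every gallery-mutating AJAX action, so the check cannot
// be forgotten in one of "several functions" the way the advisory describes.
// Returns the validated gallery id or terminates the request.
function demo_require_gallery_edit( $raw_gallery_id ) {
    $gallery_id = absint( $raw_gallery_id );

    // The target must exist and actually be a gallery, not an arbitrary post.
    if ( ! $gallery_id || 'demo_gallery' !== get_post_type( $gallery_id ) ) {
        wp_send_json_error( 'not a gallery', 400 );
    }

    // Object-level check: with WordPress's default meta-cap mapping,
    // edit_post on a specific post resolves to edit_posts for its author and
    // to edit_others_posts for anyone else, which Authors do not hold.
    if ( ! current_user_can( 'edit_post', $gallery_id ) ) {
        wp_send_json_error( 'you may not edit this gallery', 403 );
    }

    return $gallery_id;
}

function demo_remove_image_hardened() {
    // CSRF: the request must carry a nonce minted for this exact action;
    // check_ajax_referer() ends the request with 403 if it is missing or stale.
    check_ajax_referer( 'demo_remove_image', 'nonce' );

    $gallery_id = demo_require_gallery_edit( $_POST['gallery_id'] ?? 0 );
    $image_id   = absint( $_POST['image_id'] ?? 0 );

    $images = array_map( 'absint', (array) get_post_meta( $gallery_id, '_demo_gallery_images', true ) );
    if ( ! in_array( $image_id, $images, true ) ) {
        wp_send_json_error( 'image not in this gallery', 404 );
    }

    $images = array_values( array_diff( $images, array( $image_id ) ) );
    update_post_meta( $gallery_id, '_demo_gallery_images', $images );

    wp_send_json_success( array( 'remaining' => count( $images ) ) );
}
add_action( 'wp_ajax_demo_remove_image_hardened', 'demo_remove_image_hardened' );
```

The hardened handler expects the client to send a nonce created with wp_create_nonce( 'demo_remove_image' ) in the nonce parameter, and the per-object check only behaves as commented when the gallery post type uses WordPress's default meta-capability mapping (map_meta_cap, which is the default for capability_type 'post' with no custom capabilities). When auditing a plugin's ajax.php for this class of bug, the question to ask of each wp_ajax_ handler is whether it performs both a nonce check and a current_user_can() call that takes the target object's ID, not merely a role-level capability such as edit_posts.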
Exploitation
An authenticated attacker with Author-level privileges can send AJAX requests to the vulnerable handler to remove images from any Envira gallery, regardless of who owns it. Nothing beyond a valid WordPress session for an Author-level (or higher) account is required; no special network position is needed [1].
Impact
Successful exploitation leads to unauthorized removal of images from arbitrary galleries, resulting in visual defacement and loss of content integrity. This can disrupt portfolios, product pages, and editorial content that rely on gallery composition [1].
Mitigation
The issue was only partially patched in version 1.12.0, which is itself inside the affected range, so updating to 1.12.0 alone does not close it; site owners should update to the latest available release of the plugin. As of publication, no active exploitation has been reported in the wild [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=1.12.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- drive.google.com/file/d/1AgsJeff1x4pQAFVGmoSwwU75iiH4-H_p/view (source: nvd)
- plugins.trac.wordpress.org/browser/envira-gallery-lite/trunk/includes/admin/ajax.php (source: nvd)
- plugins.trac.wordpress.org/changeset/3387243/envira-gallery-lite/trunk/includes/admin/ajax.php (source: nvd)
- plugins.trac.wordpress.org/changeset (source: nvd)
- research.cleantalk.org/cve-2025-12377/ (source: nvd)
- www.wordfence.com/threat-intel/vulnerabilities/id/69a0d985-cc85-45ba-889d-1ed30d06f9ce (source: nvd)
News mentions
No linked articles in our index yet.