CVE-2026-27424
Description
Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Image Photo Gallery Final Tiles Grid: from n/a through 3.6.11.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in WordPress Image Photo Gallery Final Tiles Grid plugin through 3.6.11 allows unprivileged users to perform higher privileged actions.
Vulnerability
The Image Photo Gallery Final Tiles Grid plugin for WordPress versions through 3.6.11 contains a missing authorization vulnerability [1]. The plugin fails to properly check access control, allowing unauthenticated or low-privileged users to trigger functions that should require higher privileges.
Exploitation
An attacker with network access to a WordPress site running the vulnerable plugin can exploit this by sending a crafted request to a vulnerable endpoint without proper authorization checks [1]. No authentication is required, making the attack trivial to execute.
Impact
Successful exploitation allows an unprivileged attacker to perform actions normally restricted to higher privileged roles, such as modifying plugin settings or gallery content. The impact is considered low severity, but the vulnerability could be used in mass-exploit campaigns [1].
Mitigation
Update to version 3.6.12 or later, which contains the fix for this vulnerability [1]. For Patchstack users, enabling auto-update for vulnerable plugins is recommended. No workarounds are available besides updating.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=3.6.11
- Range: <=3.6.11
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.