VYPR

Final Tiles Grid Gallery Lite

by WordPress

Source repositories

CVEs (6)

  • CVE-2025-13693MedDec 21, 2025
    risk 0.42cvss 6.4epss 0.00

    The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom scripts' setting in all versions up to, and including, 3.6.8 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2026-27424MedMay 20, 2026
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo Gallery Final Tiles Grid: from n/a through 3.6.11.

  • CVE-2025-14455MedDec 19, 2025
    risk 0.28cvss 5.4epss 0.00

    The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This…

  • CVE-2026-39510LowApr 8, 2026
    risk 0.18cvss 2.7epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Photo Gallery Final Tiles Grid: from n/a…

  • CVE-2022-0186Feb 21, 2022
    risk 0.00cvss epss 0.01

    The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks against other users having access to the…

  • CVE-2020-14962Jun 21, 2020
    risk 0.00cvss epss 0.01

    Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php.