Description
The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acf_photo_gallery_edit_save" function in all versions up to, and including, 3.0. This makes it possible for authenticated attackers, with subscriber level access and above, to modify the title, caption, and custom metadata of arbitrary media attachments.
Published: 2026-02-19
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorised modification of attachment metadata by authenticated users
Action: Apply Patch
AI Analysis

Impact

The ACF Photo Gallery Field plugin for WordPress contains a missing capability check in the acf_photo_gallery_edit_save function. Because the check is omitted, any authenticated user with subscriber role or higher can change the title, caption, and custom metadata of any media attachment. This flaw does not provide remote code execution or system compromise but allows attackers to subvert the integrity of media content, potentially defacing pages or carrying out subtle data manipulation. The weakness represents a classic authorization bypass (CWE‑862).

Affected Systems

The vulnerability affects the navzme ACF Photo Gallery Field WordPress plugin in all versions up to and including 3.0. No specific sub‑versions are listed, so any installation of the plugin with a version number 3.0 or lower is at risk.

Risk and Exploitability

The CVSS score of 4.3 classifies the weakness as low severity, while the EPSS score of less than 1% indicates a very low probability of exploitation. The flaw is not listed in the CISA KEV catalog. Attackers need only be authenticated with a subscriber role or higher to exploit the issue, so the attack vector is local authentication rather than remote. The impact is confined to data integrity of media attachments, and no escalation to system compromise is possible based on the available information.

Generated by OpenCVE AI on April 21, 2026 at 00:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the ACF Photo Gallery Field plugin to the latest version that includes the missing capability check
  • If an update is not immediately available, remove the acf_photo_gallery_edit_save capability from subscriber roles or rename the function to prevent its use
  • Use a security plugin or custom code to enforce correct capability checks before allowing attachment metadata changes
  • Monitor the WordPress site for unexpected changes to media attachment titles, captions, or custom fields

Generated by OpenCVE AI on April 21, 2026 at 00:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Feb 2026 01:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Feb 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Navz
Navz acf Photo Gallery Field
Wordpress
Wordpress wordpress
Vendors & Products Navz
Navz acf Photo Gallery Field
Wordpress
Wordpress wordpress

Thu, 19 Feb 2026 04:15:00 +0000

Type Values Removed Values Added
Description The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acf_photo_gallery_edit_save" function in all versions up to, and including, 3.0. This makes it possible for authenticated attackers, with subscriber level access and above, to modify the title, caption, and custom metadata of arbitrary media attachments.
Title ACF Photo Gallery Field <= 3.0 - Missing Authorization to Authenticated (Subscriber+) Attachment Metadata Modification
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Navz Acf Photo Gallery Field
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:25:59.347Z

Reserved: 2025-10-22T15:58:47.791Z

Link: CVE-2025-12081

cve-icon Vulnrichment

Updated: 2026-02-19T17:04:15.549Z

cve-icon NVD

Status : Deferred

Published: 2026-02-19T07:17:27.147

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-12081

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-21T00:15:16Z

Weaknesses