CVE-2025-12377 - Vulnerability Details

- Gallery Plugin for WordPress – Envira Photo Gallery <= 1.12.0 - Missing Authorization to Authenticated (Author+) Multiple Gallery Actions

Description

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.12.0. This makes it possible for authenticated attackers, with Author-level access and above, to perform multiple actions, such as removing images from arbitrary galleries. The vulnerability was partially patched in version 1.12.0.

Published: 2025-11-13

Score: 4.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Envira Gallery plugin for WordPress contains a missing capability check that allows an authenticated user with Author-level or higher permissions to modify gallery contents. This gives such an attacker the ability to delete or otherwise alter images in any gallery, potentially compromising the integrity and availability of site media. The weakness is identified as CWE‑862: Missing Authorization.

Affected Systems

The vulnerability affects the smub Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More plugin, all releases up to and including version 1.12.0. Users should verify the installed plugin version and consider upgrading beyond the affected releases.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate severity. The EPSS score of less than 1% suggests that exploitation is unlikely at present, and the vulnerability is not currently listed in the CISA KEV catalog. Because the attacker must be authenticated with Author-level access, the attack surface is limited to sites that allow such roles to log in. A compromise would enable manipulation of gallery content but would not provide remote code execution or data exfiltration of other site data.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

smub

Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.12.0

No data.

Vendor	Product	Confidence	Versions
Smub	Gallery Plugin For Wordpress	—	—
Wordpress	Wordpress	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Envira Gallery plugin to the latest version that contains the complete fix.
If an upgrade cannot be performed immediately, apply a temporary restriction by revoking gallery‑management capabilities from Author-level users or by disabling the gallery features for those roles via role‑management tools.
Use a plugin security monitoring solution to detect unauthorized changes to gallery files and alert site administrators.
Consider reviewing the site's overall role permissions to ensure users have only the necessary capabilities for their responsibilities.

Generated by OpenCVE AI on April 22, 2026 at 11:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00049.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://drive.google.com/file/d/1AgsJeff1x4pQAFVGmoSwwU75iiH4-H_p/view?usp=sharing
https://plugins.trac.wordpress.org/browser/envira-gallery-lite/trunk/includes/admin/ajax.php
https://plugins.trac.wordpress.org/changeset/3387243/envira-gallery-lite/trunk/includes/admin/ajax.php?old=3133202&old_path=envira-gallery-lite%2Ftrunk%2Fincludes%2Fadmin%2Fajax.php
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3394455%40envira-gallery-lite&old=3387243%40envira-gallery-lite&sfp_email=&sfph_mail=
https://research.cleantalk.org/cve-2025-12377/
https://www.wordfence.com/threat-intel/vulnerabilities/id/69a0d985-cc85-45ba-889d-1ed30d06f9ce?source=cve

History

Fri, 19 Dec 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 15 Dec 2025 02:45:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}`	cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}`

Thu, 13 Nov 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Smub Smub gallery Plugin For Wordpress Wordpress Wordpress wordpress
Vendors & Products		Smub Smub gallery Plugin For Wordpress Wordpress Wordpress wordpress

Thu, 13 Nov 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 13 Nov 2025 11:45:00 +0000

Type	Values Removed	Values Added
Description		The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.12.0. This makes it possible for authenticated attackers, with Author-level access and above, to perform multiple actions, such as removing images from arbitrary galleries. The vulnerability was partially patched in version 1.12.0.
Title		Gallery Plugin for WordPress – Envira Photo Gallery <= 1.12.0 - Missing Authorization to Authenticated (Author+) Multiple Gallery Actions
Weaknesses		CWE-862
References		https://drive.google.com/file/d/1AgsJeff1x4pQAFVGmoSwwU75iiH4-H_p/view?usp=sharing https://plugins.trac.wordpress.org/browser/envira-gallery-lite/trunk/includes/admin/ajax.php https://plugins.trac.wordpress.org/changeset/3387243/envira-gallery-lite/trunk/includes/admin/ajax.php?old=3133202&old_path=envira-gallery-lite%2Ftrunk%2Fincludes%2Fadmin%2Fajax.php https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3394455%40envira-gallery-lite&old=3387243%40envira-gallery-lite&sfp_email=&sfph_mail= https://research.cleantalk.org/cve-2025-12377/ https://www.wordfence.com/threat-intel/vulnerabilities/id/69a0d985-cc85-45ba-889d-1ed30d06f9ce?source=cve
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}`

Subscriptions

Smub Gallery Plugin For Wordpress

Wordpress Wordpress

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2025-11-13T11:29:03.241Z

Updated: 2026-04-08T16:58:41.809Z

Reserved: 2025-10-28T00:08:29.199Z

Link: CVE-2025-12377

Vulnrichment

Updated: 2025-11-13T14:46:02.346Z

NVD

Status : Deferred

Published: 2025-11-13T12:15:48.903

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-12377

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T12:00:05Z

Weaknesses

CWE-862

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object