Image Photo Gallery Final Tiles Grid Missing Authorization Vulnerability in WordPress

Vulnerability

A vulnerability exists in the Image Photo Gallery Final Tiles Grid plugin for WordPress, affecting all versions through 3.6.9. The issue stems from inadequate capability checks on several AJAX actions, allowing authenticated attackers with Contributor-level access or higher to gain unauthorized access to gallery data and manipulate it. This includes the ability to view, create, modify, clone, delete, and reassign ownership of galleries created by other users, including administrators.
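The root cause described above is a recurring WordPress pattern: an `admin-ajax.php` handler is registered for logged-in users (`wp_ajax_*`) and then trusts the caller without checking a capability bound to the object being touched. The following is an added illustrative example, not code from the Final Tiles Grid plugin or its fix; the action names, the `example_gallery` post type, the script handle and the nonce name are all hypothetical, and it assumes galleries are stored as a custom post type registered with `map_meta_cap` enabled. It shows the weak handler beside a hardened one.

```php
<?php
// Added illustrative example; not code from the Final Tiles Grid plugin.
// A hypothetical gallery "delete" AJAX handler, first in the weak form
// (missing capability check) and then hardened.

// --- Weak pattern: reachable by any logged-in user, no authorization ---
add_action( 'wp_ajax_example_gallery_delete', 'example_gallery_delete_weak' );
function example_gallery_delete_weak() {
    $gallery_id = isset( $_POST['gallery_id'] ) ? (int) $_POST['gallery_id'] : 0;
    // Any authenticated role, Contributor included, reaches this line and can
    // delete any gallery regardless of who created it. Checking a generic
    // capability such as edit_posts here would not help either, because
    // Contributors hold edit_posts.
    wp_delete_post( $gallery_id, true );
    wp_send_json_success();
}

// --- Hardened pattern ---
add_action( 'wp_ajax_example_gallery_delete_secure', 'example_gallery_delete_secure' );
function example_gallery_delete_secure() {
    // 1. CSRF protection: the request must carry a nonce issued for this action.
    check_ajax_referer( 'example_gallery_delete', 'nonce' );

    // 2. Resolve the target object before deciding anything about it.
    $gallery_id = isset( $_POST['gallery_id'] ) ? absint( $_POST['gallery_id'] ) : 0;
    $gallery    = $gallery_id ? get_post( $gallery_id ) : null;
    if ( ! $gallery || 'example_gallery' !== $gallery->post_type ) {
        wp_send_json_error( array( 'message' => 'Gallery not found.' ), 404 );
    }

    // 3. Object-bound capability check. With map_meta_cap, delete_post resolves
    //    to delete_posts for the caller's own items and to delete_others_posts
    //    for items owned by someone else; Contributors never hold the latter,
    //    so cross-user deletion is refused. The same shape applies to the
    //    other operations named in the advisory: use edit_post for modify,
    //    clone and ownership reassignment, and read_post for viewing.
    if ( ! current_user_can( 'delete_post', $gallery_id ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    wp_delete_post( $gallery_id, true );
    wp_send_json_success();
}

// Nonce issuance for the hardened handler. Assumes an admin script registered
// under the hypothetical handle 'example-gallery-admin'.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'example-gallery-admin', 'exampleGallery', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_gallery_delete' ),
    ) );
} );
```

The two checks do different jobs: the nonce stops a third-party page from riding an administrator's session, and the `current_user_can( 'delete_post', $id )` call is what actually enforces ownership. Registering the action under `wp_ajax_` only proves the caller is logged in, and a role-level test such as `current_user_can( 'edit_posts' )` still admits Contributors; only a capability evaluated against the specific gallery closes the cross-user access this advisory describes.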

Impact

Exploitation of this vulnerability could lead to unauthorized access and management of galleries, allowing attackers to alter gallery content and ownership.

Reproduction

To reproduce this vulnerability, an authenticated user with Contributor-level access or higher can send requests to the vulnerable AJAX actions, which lack the necessary capability checks. This can be done using a tool like Postman or through custom scripts that automate the process.

Remediation

Users are advised to update the plugin to version 3.6.10 or later, where this vulnerability has been patched.

Added: Jan 20, 2026, 12:28 AM
Updated: Jan 20, 2026, 12:28 AM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 1.3
exploitability: 6.0
remediation: 7.7
relevance: 2.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.