Threat Entry Updated 2025-12-15

CVE-2025-12377 - Envira Photo Gallery Plugin

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.12.0. This makes it possible for authenticated attackers, with Author-level access and above, to perform multiple actions, such as removing images from arbitrary galleries. The vulnerability was partially patched in version 1.12.0.

PLUGIN Envira Photo Gallery

CVE-2025-12377

MEDIUM CVSS 4.3 2025-11-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-11-12

CVE-2025-11448 - Envira Photo Gallery Plugin

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/envira-convert/v1/bulk-convert' REST API endpoint in all versions up to, and including, 1.11.0. This makes it possible for authenticated attackers, with contributor-level access and above, to convert galleries to Envira galleries.

PLUGIN Envira Photo Gallery

CVE-2025-11448

MEDIUM CVSS 4.3 2025-11-08

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2023-6742 - Envira Photo Gallery Plugin

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated attackers, with contributor access and above, to modify galleries on other users' posts.

PLUGIN Envira Photo Gallery

CVE-2023-6742

MEDIUM CVSS 4.3 2024-01-11

Risk Score

Open Full Technical Breakdown