CVE-2025-12377: Envira Photo Gallery Vulnerability – Secure Your WordPress Images!

Overview

CVE-2025-12377 describes a security vulnerability found in the Envira Photo Gallery plugin for WordPress. This vulnerability allows authenticated attackers with Author-level access or higher to perform unauthorized modifications to data, such as removing images from arbitrary galleries. The issue stems from a missing capability check on several functions within the plugin.

This vulnerability affects all versions of the Envira Photo Gallery plugin up to and including 1.12.0. A partial patch was implemented in version 1.12.0.

Technical Details

The vulnerability lies in the insufficient capability checks performed before allowing certain actions on galleries and images. Authenticated users with Author-level permissions can exploit this flaw to bypass intended access controls and modify gallery content, potentially leading to data loss or defacement of the website.

Specifically, the vulnerability resides in missing capability checks within AJAX handlers responsible for image and gallery management. This allows an attacker to craft requests to remove images, or perform other unauthorized actions. This can be confirmed in the reported code changes.

CVSS Analysis

• Severity: MEDIUM
• CVSS Score: 5.3

A CVSS score of 5.3 indicates a Medium severity vulnerability. While exploitation requires authentication (Author-level access), the potential impact on data integrity justifies its classification.

Possible Impact

Successful exploitation of this vulnerability could allow an attacker to:

• Remove images from galleries.
• Potentially modify other gallery settings (depending on the specific functions affected).
• Deface the website by removing or altering visual content.
• Cause data loss and disruption to the website’s functionality.

Mitigation and Patch Steps

To mitigate the risk posed by CVE-2025-12377, users of the Envira Photo Gallery plugin should take the following steps:

1. Update to the latest version: Upgrade the Envira Photo Gallery plugin to the latest available version (greater than 1.12.0). This is the primary mitigation.
2. Review User Roles: Ensure that user roles and permissions are appropriately configured. Limit Author-level access to only trusted individuals.

References

• Wordfence Threat Intelligence Report
• CleanTalk Research Report
• WordPress Plugin Trac Changeset 1
• WordPress Plugin Trac Changeset 2
• WordPress Plugin Trac Browser
• Additional details (Google Drive)