{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12081", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-22T15:58:47.791Z", "datePublished": "2026-02-19T03:25:19.703Z", "dateUpdated": "2026-04-08T17:25:59.347Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:25:59.347Z"}, "affected": [{"vendor": "navzme", "product": "ACF Photo Gallery Field", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \"acf_photo_gallery_edit_save\" function in all versions up to, and including, 3.0. This makes it possible for authenticated attackers, with subscriber level access and above, to modify the title, caption, and custom metadata of arbitrary media attachments."}], "title": "ACF Photo Gallery Field <= 3.0 - Missing Authorization to Authenticated (Subscriber+) Attachment Metadata Modification", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d52a1c67-e20d-4390-9d07-94337a31d193?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/navz-photo-gallery/tags/3.0/navz-photo-gallery.php#L173"}, {"url": "https://plugins.trac.wordpress.org/browser/navz-photo-gallery/tags/3.0/includes/acf_photo_gallery_edit_save.php#L8"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3428006%40navz-photo-gallery&new=3428006%40navz-photo-gallery&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Rafshanzani Suhada"}], "timeline": [{"time": "2025-10-13T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2026-02-18T14:58:38.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-19T17:04:13.939925Z", "id": "CVE-2025-12081", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T17:40:29.496Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12081", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-19T17:04:13.939925Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T17:04:15.549Z"}}], "cna": {"title": "ACF Photo Gallery Field <= 3.0 - Missing Authorization to Authenticated (Subscriber+) Attachment Metadata Modification", "credits": [{"lang": "en", "type": "finder", "value": "Rafshanzani Suhada"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "navzme", "product": "ACF Photo Gallery Field", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-13T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2026-02-18T14:58:38.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d52a1c67-e20d-4390-9d07-94337a31d193?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/navz-photo-gallery/tags/3.0/navz-photo-gallery.php#L173"}, {"url": "https://plugins.trac.wordpress.org/browser/navz-photo-gallery/tags/3.0/includes/acf_photo_gallery_edit_save.php#L8"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3428006%40navz-photo-gallery&new=3428006%40navz-photo-gallery&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \"acf_photo_gallery_edit_save\" function in all versions up to, and including, 3.0. This makes it possible for authenticated attackers, with subscriber level access and above, to modify the title, caption, and custom metadata of arbitrary media attachments."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:25:59.347Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12081", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:25:59.347Z", "dateReserved": "2025-10-22T15:58:47.791Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-19T03:25:19.703Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \"acf_photo_gallery_edit_save\" function in all versions up to, and including, 3.0. This makes it possible for authenticated attackers, with subscriber level access and above, to modify the title, caption, and custom metadata of arbitrary media attachments."}, {"lang": "es", "value": "El plugin ACF Photo Gallery Field para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una comprobaci\u00f3n de capacidad faltante en la funci\u00f3n 'acf_photo_gallery_edit_save' en todas las versiones hasta la 3.0, inclusive. Esto hace posible que atacantes autenticados, con acceso de nivel suscriptor y superior, modifiquen el t\u00edtulo, la leyenda y los metadatos personalizados de archivos adjuntos multimedia arbitrarios."}], "id": "CVE-2025-12081", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-19T07:17:27.147", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/navz-photo-gallery/tags/3.0/includes/acf_photo_gallery_edit_save.php#L8"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/navz-photo-gallery/tags/3.0/navz-photo-gallery.php#L173"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3428006%40navz-photo-gallery&new=3428006%40navz-photo-gallery&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d52a1c67-e20d-4390-9d07-94337a31d193?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,3.0]"}}], "enrichment": {"confidence": 97.0, "confidence_source": "matching", "scores": [{"score": 97.0, "source": "matching"}]}, "original": {"product": "ACF Photo Gallery Field", "source": "cna", "vendor": "navzme"}, "product": "acf_photo_gallery_field", "vendor": "navz"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 75.0, "confidence_source": "inferred", "scores": [{"score": 75.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-21T00:11:20.952482+00:00", "value": {"mitigation_remediation": ["Update the ACF Photo Gallery Field plugin to the latest version that includes the missing capability check", "If an update is not immediately available, remove the acf_photo_gallery_edit_save capability from subscriber roles or rename the function to prevent its use", "Use a security plugin or custom code to enforce correct capability checks before allowing attachment metadata changes", "Monitor the WordPress site for unexpected changes to media attachment titles, captions, or custom fields"], "summary": {"action": "Apply Patch", "impact": "Unauthorised modification of attachment metadata by authenticated users"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the navzme ACF Photo Gallery Field WordPress plugin in all versions up to and including 3.0. No specific sub\u2011versions are listed, so any installation of the plugin with a version number 3.0 or lower is at risk.", "description_and_impact": "The ACF Photo Gallery Field plugin for WordPress contains a missing capability check in the acf_photo_gallery_edit_save function. Because the check is omitted, any authenticated user with subscriber role or higher can change the title, caption, and custom metadata of any media attachment. This flaw does not provide remote code execution or system compromise but allows attackers to subvert the integrity of media content, potentially defacing pages or carrying out subtle data manipulation. The weakness represents a classic authorization bypass (CWE\u2011862).", "risk_and_exploitability": "The CVSS score of 4.3 classifies the weakness as low severity, while the EPSS score of less than 1% indicates a very low probability of exploitation. The flaw is not listed in the CISA KEV catalog. Attackers need only be authenticated with a subscriber role or higher to exploit the issue, so the attack vector is local authentication rather than remote. The impact is confined to data integrity of media attachments, and no escalation to system compromise is possible based on the available information."}}}}, "created": "2026-02-19T10:07:31.046750+00:00", "updated": "2026-04-21T00:15:16.130378+00:00", "vendors": ["navz", "navz$PRODUCT$acf_photo_gallery_field", "wordpress", "wordpress$PRODUCT$wordpress"]}