{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12494", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-29T20:58:17.650Z", "datePublished": "2025-11-15T05:45:34.066Z", "dateUpdated": "2026-04-08T17:22:06.207Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:22:06.207Z"}, "affected": [{"vendor": "wpchill", "product": "Modula Image Gallery \u2013 Photo Grid & Video Gallery", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.12.28", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Image Gallery \u2013 Photo Grid & Video Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajax_import_file function in all versions up to, and including, 2.12.28. This makes it possible for authenticated attackers, with author-level access and above, to move arbitrary image files on the server."}], "title": "Image Gallery \u2013 Photo Grid & Video Gallery <= 2.12.28 - Improper Authorization to Authenticated (Author+) Arbitrary Image File Move", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca423309-d8bd-46a4-9e88-9534d9c60b4a?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/modula-best-grid-gallery/tags/2.12.26/includes/admin/class-modula-gallery-upload.php#L554"}, {"url": "https://plugins.trac.wordpress.org/browser/modula-best-grid-gallery/tags/2.12.26/includes/admin/class-modula-gallery-upload.php#L567"}, {"url": "https://plugins.trac.wordpress.org/browser/modula-best-grid-gallery/tags/2.12.26/includes/admin/class-modula-gallery-upload.php#L589"}, {"url": "https://plugins.trac.wordpress.org/browser/modula-best-grid-gallery/tags/2.12.26/includes/admin/class-modula-gallery-upload.php#L597"}, {"url": "https://research.cleantalk.org/cve-2025-12494/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3391790/modula-best-grid-gallery/trunk?contextall=1&old=3390878&old_path=%2Fmodula-best-grid-gallery%2Ftrunk"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-285 Improper Authorization", "cweId": "CWE-285", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}], "timeline": [{"time": "2025-11-06T14:36:31.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-11-14T16:51:36.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-17T18:46:10.442054Z", "id": "CVE-2025-12494", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-17T18:46:19.807Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12494", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-17T18:46:10.442054Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-17T18:46:16.056Z"}}], "cna": {"title": "Image Gallery \u2013 Photo Grid & Video Gallery <= 2.12.28 - Improper Authorization to Authenticated (Author+) Arbitrary Image File Move", "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "wpchill", "product": "Modula Image Gallery \u2013 Photo Grid & Video Gallery", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.12.28"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-06T14:36:31.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-11-14T16:51:36.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca423309-d8bd-46a4-9e88-9534d9c60b4a?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/modula-best-grid-gallery/tags/2.12.26/includes/admin/class-modula-gallery-upload.php#L554"}, {"url": "https://plugins.trac.wordpress.org/browser/modula-best-grid-gallery/tags/2.12.26/includes/admin/class-modula-gallery-upload.php#L567"}, {"url": "https://plugins.trac.wordpress.org/browser/modula-best-grid-gallery/tags/2.12.26/includes/admin/class-modula-gallery-upload.php#L589"}, {"url": "https://plugins.trac.wordpress.org/browser/modula-best-grid-gallery/tags/2.12.26/includes/admin/class-modula-gallery-upload.php#L597"}, {"url": "https://research.cleantalk.org/cve-2025-12494/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3391790/modula-best-grid-gallery/trunk?contextall=1&old=3390878&old_path=%2Fmodula-best-grid-gallery%2Ftrunk"}], "descriptions": [{"lang": "en", "value": "The Image Gallery \u2013 Photo Grid & Video Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajax_import_file function in all versions up to, and including, 2.12.28. This makes it possible for authenticated attackers, with author-level access and above, to move arbitrary image files on the server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "CWE-285 Improper Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:22:06.207Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12494", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:22:06.207Z", "dateReserved": "2025-10-29T20:58:17.650Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-15T05:45:34.066Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Image Gallery \u2013 Photo Grid & Video Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajax_import_file function in all versions up to, and including, 2.12.28. This makes it possible for authenticated attackers, with author-level access and above, to move arbitrary image files on the server."}], "id": "CVE-2025-12494", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-15T06:15:42.213", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/modula-best-grid-gallery/tags/2.12.26/includes/admin/class-modula-gallery-upload.php#L554"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/modula-best-grid-gallery/tags/2.12.26/includes/admin/class-modula-gallery-upload.php#L567"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/modula-best-grid-gallery/tags/2.12.26/includes/admin/class-modula-gallery-upload.php#L589"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/modula-best-grid-gallery/tags/2.12.26/includes/admin/class-modula-gallery-upload.php#L597"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3391790/modula-best-grid-gallery/trunk?contextall=1&old=3390878&old_path=%2Fmodula-best-grid-gallery%2Ftrunk"}, {"source": "security@wordfence.com", "url": "https://research.cleantalk.org/cve-2025-12494/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca423309-d8bd-46a4-9e88-9534d9c60b4a?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T01:36:58.379397+00:00", "value": {"mitigation_remediation": ["Upgrade the Modula Image Gallery plugin to the latest release (minimum 2.12.29) to apply the path\u2011validation fix.", "Restrict the author and higher privileges for users that need to interact with the media import feature, or remove the capability that allows access to the AJAX endpoint entirely.", "If an immediate upgrade is not possible, temporarily block or disable the AJAX import endpoint (e.g., via .htaccess rules or a security plugin) until a patch is available.", "Implement file\u2011system integrity monitoring to detect unauthorized file moves or deletions and review server permissions to limit write access to the media directories."], "summary": {"action": "Upgrade", "impact": "File deletion and manipulation through improper authorization in the media import feature"}, "threat_synthesis": {"affected_systems": "All WordPress installations that use the Modula Image Gallery plugin by wpchill and have a plugin version of 2.12.28 or earlier, including every site configured with author or higher roles for the upload functionality.", "description_and_impact": "The Modula Image Gallery \u2013 Photo Grid & Video Gallery plugin allows authenticated WordPress users with author-level privileges or higher to execute an AJAX import that accepts a file path without proper validation, enabling the movement of arbitrary image files on the server. This flaw falls under CWE\u2011285 and can result in the deletion, relocation, or replacement of critical image assets, thereby affecting the integrity and availability of the site\u2019s media content and potentially compromising backups or stored media.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a moderate risk, and the EPSS score of less than 1% points to a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. An attacker would need to authenticate with an account that has at least author privileges and trigger an AJAX request to the vulnerable import endpoint. Once executed, the attacker could move or delete target files on the server, leading to content loss or potential privilege escalation if the files are system-critical. The attack vector is inferred from the AJAX import function and the requirement for authenticated use; no remote code execution is implied."}}}}, "created": "2025-11-15T22:07:23.533364+00:00", "updated": "2026-04-21T01:45:24.439143+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "wpchill", "wpchill$PRODUCT$image_photo_gallery_final_tiles_grid"]}