CVE-2025-12081
📋 TL;DR
The ACF Photo Gallery Field plugin for WordPress has a missing capability check that allows authenticated users with subscriber-level access or higher to modify titles, captions, and custom metadata of arbitrary media attachments. This affects all WordPress sites using vulnerable versions of the plugin.
💻 Affected Systems
- ACF Photo Gallery Field WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could deface websites by modifying media metadata, inject malicious content into captions/titles that could be displayed to users, or manipulate media data to support social engineering attacks.
Likely Case
Low-privileged users could vandalize media galleries by changing titles and captions, potentially causing confusion or minor content integrity issues.
If Mitigated
With proper access controls and monitoring, impact is limited to minor content manipulation that can be detected and reverted.
🎯 Exploit Status
Exploitation requires authenticated access but is technically simple: it only involves sending crafted POST requests to the vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 3.0
Restart Required: No
Instructions:
1. Log into WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'ACF Photo Gallery Field'.
4. Click 'Update Now' if update available.
5. If no update available, deactivate and delete the plugin, then install the latest version from WordPress repository.
🔧 Temporary Workarounds
Remove vulnerable plugin
All platforms: Deactivate and delete the vulnerable plugin version
wp plugin deactivate navz-photo-gallery
wp plugin delete navz-photo-gallery
Restrict user registration
All platforms: Temporarily disable new user registration to prevent new low-privileged accounts
wp option update users_can_register 0
🧯 If You Can't Patch
- Implement strict access controls and monitor media modification activities
- Regularly audit and backup media metadata to detect and revert unauthorized changes
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'ACF Photo Gallery Field' version 3.0 or earlier
Check Version:
wp plugin get navz-photo-gallery --field=version
Verify Fix Applied:
Verify plugin version is greater than 3.0 or plugin is removed entirely
📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=acf_photo_gallery_edit_save from low-privileged users
- Unexpected media metadata modifications
Network Indicators:
- HTTP POST requests containing acf_photo_gallery_edit_save parameter
SIEM Query:
source="wordpress" AND (url_path="/wp-admin/admin-ajax.php" AND post_data="*acf_photo_gallery_edit_save*")
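The log indicators above as a small offline detector; this is an added example, not part of the original advisory or the plugin's code. It assumes JSON-lines events that carry the SIEM query's url_path and post_data fields plus hypothetical method, user and role fields, and it treats subscriber and contributor as the low-privileged roles. It parses the form body instead of wildcard-matching it, so the action name appearing inside another field does not raise a false alert.

```python
import json
from collections import Counter
from urllib.parse import parse_qs

AJAX_PATH = "/wp-admin/admin-ajax.php"
ACTION = "acf_photo_gallery_edit_save"
# Assumption: roles that should never edit media metadata on this site.
LOW_PRIV_ROLES = {"subscriber", "contributor"}

# Constructed sample events (JSON lines). Field names other than url_path and
# post_data are assumptions about the logging pipeline, not a real schema.
SAMPLE_LOG = """\
{"method":"POST","url_path":"/wp-admin/admin-ajax.php","post_data":"action=acf_photo_gallery_edit_save&title=x","user":"eve","role":"subscriber"}
{"method":"POST","url_path":"/wp-admin/admin-ajax.php","post_data":"action=acf%5Fphoto%5Fgallery%5Fedit%5Fsave&caption=y","user":"eve","role":"subscriber"}
{"method":"POST","url_path":"/wp-admin/admin-ajax.php","post_data":"action=acf_photo_gallery_edit_save&title=ok","user":"alice","role":"editor"}
{"method":"POST","url_path":"/wp-admin/admin-ajax.php","post_data":"action=heartbeat&note=acf_photo_gallery_edit_save","user":"bob","role":"subscriber"}
{"method":"GET","url_path":"/wp-admin/admin-ajax.php","post_data":"","user":"bob","role":"subscriber"}
not-json garbage line
"""

def is_suspicious(event):
    """True when a low-privileged user invokes the plugin's save action."""
    if event.get("method") != "POST" or event.get("url_path") != AJAX_PATH:
        return False
    # parse_qs percent-decodes the body, so the action value is compared
    # in normalized form and only in the 'action' field.
    fields = parse_qs(event.get("post_data") or "", keep_blank_values=True)
    if ACTION not in fields.get("action", []):
        return False
    return str(event.get("role", "")).lower() in LOW_PRIV_ROLES

def scan(log_text):
    """Return {user: hit_count} for suspicious events; skip unparsable lines."""
    hits = Counter()
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict) and is_suspicious(event):
            hits[event.get("user", "unknown")] += 1
    return dict(hits)

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```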
🔗 References
- https://plugins.trac.wordpress.org/browser/navz-photo-gallery/tags/3.0/includes/acf_photo_gallery_edit_save.php#L8
- https://plugins.trac.wordpress.org/browser/navz-photo-gallery/tags/3.0/navz-photo-gallery.php#L173
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3428006%40navz-photo-gallery&new=3428006%40navz-photo-gallery&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d52a1c67-e20d-4390-9d07-94337a31d193?source=cve