CVE-2025-12377
📋 TL;DR
The Envira Photo Gallery WordPress plugin has an authorization vulnerability that allows authenticated users with Author-level permissions or higher to modify arbitrary gallery data, such as removing images from galleries they do not own. All versions up to and including 1.12.0 are affected; 1.12.0 contained only a partial fix. WordPress sites using this plugin are affected.
💻 Affected Systems
- Envira Photo Gallery WordPress Plugin
⚠️ Manual Verification Required
This CVE entry carries no machine-readable version range in our database, so automatic vulnerability detection cannot determine whether your install is affected. Use the manual version check below against the 1.12.0 boundary given in the TL;DR.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Malicious authors could delete or modify all gallery content across the site, causing data loss and site defacement.
Likely Case
Author-level users could tamper with galleries they shouldn't have access to, potentially removing important images or disrupting site functionality.
If Mitigated
With proper user access controls and monitoring, impact is limited to authorized users misusing their privileges.
🎯 Exploit Status
Exploitation requires Author-level access. Multiple public references and code analysis available.
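The bug class behind this CVE, as an added illustrative model (not the Envira Gallery plugin's code): a handler that checks a role-level capability such as `edit_posts`, which every Author holds, instead of checking whether the caller may edit the specific gallery being modified. The role-to-capability table and `user_can_edit_gallery` are a simplified Python rendering of WordPress's default roles and its `map_meta_cap('edit_post')` rules; the handler names, gallery IDs and user IDs are hypothetical.

```python
"""Model of the authorization flaw class behind CVE-2025-12377.

Added example, NOT the plugin's own code. It mimics WordPress's
role/capability model in plain Python: an Author has `edit_posts` but
not `edit_others_posts`, so a handler that only checks a role-level
capability lets an Author act on galleries owned by other users, while
an object-level check (the equivalent of WordPress's
current_user_can('edit_post', $gallery_id)) does not.
"""
from dataclasses import dataclass, field

# Capabilities per role, a subset of WordPress's default role table.
ROLE_CAPS = {
    "contributor": {"edit_posts"},
    "author": {"edit_posts", "edit_published_posts", "delete_posts", "upload_files"},
    "editor": {"edit_posts", "edit_published_posts", "edit_others_posts",
               "delete_posts", "delete_others_posts", "upload_files"},
    "administrator": {"edit_posts", "edit_published_posts", "edit_others_posts",
                      "delete_posts", "delete_others_posts", "upload_files",
                      "manage_options"},
}


@dataclass
class User:
    id: int
    role: str


@dataclass
class Gallery:            # stands in for a gallery custom-post-type entry (hypothetical)
    id: int
    author_id: int
    status: str           # "publish" or "draft"
    images: list = field(default_factory=list)


class Forbidden(Exception):
    pass


def user_can(user: User, cap: str) -> bool:
    """Role-level check: does the user's role grant this capability at all?"""
    return cap in ROLE_CAPS[user.role]


def user_can_edit_gallery(user: User, gallery: Gallery) -> bool:
    """Object-level check, simplified from WordPress's map_meta_cap('edit_post'):
    editing someone else's gallery additionally needs edit_others_posts, and
    editing a published gallery additionally needs edit_published_posts."""
    needed = {"edit_posts"}
    if gallery.author_id != user.id:
        needed.add("edit_others_posts")
    if gallery.status == "publish":
        needed.add("edit_published_posts")
    return all(user_can(user, cap) for cap in needed)


def remove_image_vulnerable(user: User, gallery: Gallery, image_id: int) -> list:
    """Flaw: only checks that the caller may edit *some* post, not this gallery."""
    if not user_can(user, "edit_posts"):
        raise Forbidden("insufficient capability")
    gallery.images.remove(image_id)
    return gallery.images


def remove_image_hardened(user: User, gallery: Gallery, image_id: int) -> list:
    """Fix: authorize against the specific gallery named in the request."""
    if not user_can_edit_gallery(user, gallery):
        raise Forbidden(f"user {user.id} may not edit gallery {gallery.id}")
    gallery.images.remove(image_id)
    return gallery.images


def demo() -> dict:
    """An Author (id 2) tries to strip an image from the admin's (id 1) gallery,
    then from their own gallery. Returns the outcome of each call."""
    author = User(id=2, role="author")
    results = {}
    g = Gallery(id=42, author_id=1, status="publish", images=[101, 102])
    results["vulnerable"] = remove_image_vulnerable(author, g, 101)   # succeeds: [102]
    g = Gallery(id=42, author_id=1, status="publish", images=[101, 102])
    try:
        remove_image_hardened(author, g, 101)
        results["hardened"] = "allowed"
    except Forbidden:
        results["hardened"] = "denied"
    own = Gallery(id=43, author_id=2, status="publish", images=[201])
    results["own_gallery"] = remove_image_hardened(author, own, 201)   # allowed: []
    return results


if __name__ == "__main__":
    print(demo())
```

The point for reviewers of any WordPress AJAX handler: a nonce check and a generic `current_user_can('edit_posts')` establish that the request came from a logged-in editor of something, not that the caller may edit the post or gallery whose ID arrives in the request; the ID must be fed into an object-level check.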
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 1.12.0
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Envira Photo Gallery.
4. Click 'Update Now' if available.
5. If no update is available, download the latest version from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Restrict User Permissions
Temporarily limit Author-level users' access or downgrade suspicious accounts to Contributor level.
Disable Plugin
Deactivate the Envira Photo Gallery plugin until patched (the slug below is the one used by the free version in the WordPress repository):
wp plugin deactivate envira-gallery-lite
🧯 If You Can't Patch
- Implement strict user access controls and audit Author-level accounts regularly.
- Enable detailed logging of gallery modifications and monitor for unauthorized changes.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for Envira Photo Gallery version 1.12.0 or earlier.
Check Version:
wp plugin get envira-gallery-lite --field=version
Verify Fix Applied:
Verify plugin version is higher than 1.12.0 in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual gallery modification activity from Author-level users
- Multiple image deletion events in short timeframes
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php carrying the plugin's gallery-modification actions. For POST requests the `action` parameter normally travels in the request body, so a web-server access log alone shows only the endpoint; correlate with an application-level or audit-log source to see which action was called.
SIEM Query:
source="wordpress.log" AND ("envira_gallery" OR "ajax.php") AND ("delete" OR "remove" OR "modify")
The bare "ajax.php" term matches every WordPress AJAX call and will be noisy; once you know the plugin's action names from its admin/ajax.php, scope the query to those instead.
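The two log indicators turned into runnable detection logic, as an added example that is not part of the original page. The log lines are constructed for this example in a hypothetical key=value activity-log format; the `action` values are placeholders, not the plugin's real AJAX action names. Adapt `parse_line` to whatever your audit plugin or SIEM actually emits, and tune the threshold and window to your site's editing patterns.

```python
"""Detection logic for the log indicators above (added example).

Indicator 1: gallery modifications performed by Author-level users.
Indicator 2: bursts of image removals by one user inside a short window
(sliding window per user, so a burst straddling a minute boundary is
still caught).

Log format, action names and users are constructed/hypothetical.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines, not real data.
SAMPLE_LOG = """\
2025-11-03T09:58:10Z user=alice role=administrator action=envira_gallery_remove_image gallery=7 ip=203.0.113.5
2025-11-03T10:00:01Z user=bob role=author action=envira_gallery_remove_image gallery=42 ip=198.51.100.9
2025-11-03T10:00:03Z user=bob role=author action=envira_gallery_remove_image gallery=42 ip=198.51.100.9
2025-11-03T10:00:04Z user=bob role=author action=envira_gallery_remove_image gallery=43 ip=198.51.100.9
2025-11-03T10:00:05Z user=bob role=author action=envira_gallery_remove_image gallery=44 ip=198.51.100.9
2025-11-03T10:00:09Z user=carol role=author action=envira_gallery_save gallery=8 ip=192.0.2.44
2025-11-03T10:30:00Z user=carol role=author action=envira_gallery_remove_image gallery=8 ip=192.0.2.44
2025-11-03T10:45:00Z user=bob role=author action=heartbeat gallery=- ip=198.51.100.9
"""

# Placeholder action names; substitute the ones registered in the plugin's admin/ajax.php.
MODIFY_ACTIONS = {"envira_gallery_remove_image", "envira_gallery_save"}
REMOVE_ACTIONS = {"envira_gallery_remove_image"}


def parse_line(line: str) -> dict:
    """Parse 'ISO8601 key=value key=value ...' into a dict with a datetime `ts`."""
    ts, *fields = line.split()
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for f in fields:
        key, _, value = f.partition("=")
        event[key] = value
    return event


def parse_log(text: str) -> list:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def author_modifications(events: list) -> list:
    """Indicator 1: every gallery modification made by an Author-level user."""
    return [e for e in events if e["role"] == "author" and e["action"] in MODIFY_ACTIONS]


def burst_removers(events: list, threshold: int = 3, window: timedelta = timedelta(seconds=60)) -> dict:
    """Indicator 2: users with >= `threshold` removals inside any `window`.
    Returns {user: timestamp at which the burst started}."""
    recent = defaultdict(deque)
    flagged = {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["action"] not in REMOVE_ACTIONS:
            continue
        q = recent[e["user"]]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:      # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(e["user"], q[0])
    return flagged


def distinct_galleries(events: list, user: str) -> set:
    """How many different galleries one user touched: an Author legitimately
    edits their own few galleries, not many others' in one sitting."""
    return {e["gallery"] for e in events if e["user"] == user and e["action"] in MODIFY_ACTIONS}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(len(author_modifications(evs)), "gallery modifications by Author-level users")
    for user, start in burst_removers(evs).items():
        print(f"burst: {user} from {start.isoformat()} across galleries "
              f"{sorted(distinct_galleries(evs, user))}")
```

On the sample data only `bob` is flagged: four removals in five seconds across three galleries, which is the pattern of an Author sweeping through galleries they do not own. `carol`'s single removal of her own gallery half an hour later stays below the threshold.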
🔗 References
- https://drive.google.com/file/d/1AgsJeff1x4pQAFVGmoSwwU75iiH4-H_p/view?usp=sharing
- https://plugins.trac.wordpress.org/browser/envira-gallery-lite/trunk/includes/admin/ajax.php
- https://plugins.trac.wordpress.org/changeset/3387243/envira-gallery-lite/trunk/includes/admin/ajax.php?old=3133202&old_path=envira-gallery-lite%2Ftrunk%2Fincludes%2Fadmin%2Fajax.php
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3394455%40envira-gallery-lite&old=3387243%40envira-gallery-lite&sfp_email=&sfph_mail=
- https://research.cleantalk.org/cve-2025-12377/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/69a0d985-cc85-45ba-889d-1ed30d06f9ce?source=cve