CVE-2025-12494 | Image Gallery Plugin up to 2.12.28 on WordPress ajax_import_file improper authorization

Inserito da Angelo Barbosa | Nov 14, 2025 | CVE

A vulnerability labeled as critical has been found in Image Gallery Plugin up to 2.12.28 on WordPress. Impacted is the function ajax_import_file. Executing manipulation can lead to improper authorization.

The identification of this vulnerability is CVE-2025-12494. The attack may be launched remotely. There is no exploit available.

CVE-2025-12494 | Image Gallery Plugin up to 2.12.28 on WordPress ajax_import_file improper authorization

Post correlati

CVE-2024-0734 | Smsot up to 2.12 /get.php tid sql injection

CVE-2023-51697 | advplyr audiobookshelf up to 2.6.x podcastUtils.js server-side request forgery

CVE-2025-60139 | Joovii Sendle Shipping Plugin up to 6.02 on WordPress cross-site request forgery

CVE-2024-7255 | Google Chrome up to 127.0.6533.72 WebTransport out-of-bounds