The Photo Gallery by Ays – Responsive Image Gallery WordPress plugin suffers from a CSRF vulnerability identified as CVE-2025-13685. This vulnerability exists in all versions up to and including 6.4.8 due to the absence of nonce verification in the 'process_bulk_action()' function, which handles bulk operations like deleting, publishing, or unpublishing galleries. Nonce verification is a security mechanism used in WordPress to ensure that requests are intentional and originate from legitimate users. Without this protection, an attacker can craft a malicious request that, when executed by an authenticated administrator (e.g., by clicking a link), performs unauthorized bulk actions on the galleries. The attacker does not need to be authenticated themselves but relies on social engineering to induce the administrator's interaction. The vulnerability impacts the integrity of the galleries by allowing unauthorized modifications but does not compromise confidentiality or availability. The CVSS 3.1 score of 4.3 reflects this medium severity, with an attack vector of network, low attack complexity, no privileges required, and user interaction necessary. No known exploits have been reported, and no official patches are currently available, increasing the urgency for administrators to apply compensating controls. This vulnerability is particularly relevant for WordPress sites using this plugin, which is popular for responsive image galleries.

For European organizations, this vulnerability poses a moderate risk primarily to the integrity of website content managed via the affected plugin. Unauthorized bulk deletion or modification of galleries can disrupt business operations, damage brand reputation, and cause data loss of visual assets. Organizations relying on WordPress for marketing, e-commerce, or content management that use this plugin are vulnerable to targeted attacks, especially through phishing campaigns aimed at site administrators. While confidentiality and availability are not directly impacted, the integrity compromise can lead to operational disruptions and potential compliance issues if visual content is critical. The risk is heightened in sectors with high web presence such as media, retail, and education. Additionally, the lack of patches means organizations must rely on interim mitigations, increasing exposure time. The threat landscape in Europe, with increasing phishing sophistication and targeted attacks on web infrastructure, makes this vulnerability a relevant concern.

1. Immediately restrict administrative access to the bulk action functionality by limiting permissions to trusted users only. 2. Implement manual nonce verification in the plugin code if possible, or disable the bulk action feature until an official patch is released. 3. Educate administrators about the risks of phishing and social engineering, emphasizing caution before clicking on unsolicited links. 4. Monitor web server and WordPress logs for unusual bulk action requests or unexpected gallery modifications. 5. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious CSRF attempts targeting the plugin endpoints. 6. Regularly back up gallery data to enable recovery in case of unauthorized deletions. 7. Stay informed about updates from the plugin vendor and apply patches promptly once available. 8. Consider alternative gallery plugins with better security track records if immediate patching is not feasible.