A critical security vulnerability has been identified in the Image Photo Gallery Final Tiles Grid Plugin for WordPress, raising concerns about WordPress security and the potential risks of malware. This Cross-Site Scripting (XSS) vulnerability, with high severity, was discovered and reported by Rafie Muhammad of Patchstack.

The XSS vulnerability in the Image Photo Gallery Final Tiles Grid Plugin enables attackers to inject malicious scripts into the pages your website serves. When visitors access your site, these injected scripts run in their browsers and can trigger unauthorized redirects, display unwanted advertisements, or manipulate your website’s HTML content. As a result, your website’s security and integrity are compromised, and sensitive data may be exposed to theft or unauthorized access.


The severity of this vulnerability is classified as high, with a CVSS 3.1 score of 7.1. This highlights the serious implications it holds for WordPress security and emphasizes the need for immediate action.

Affected Plugin Version:

All versions of the Image Photo Gallery Final Tiles Grid Plugin up to version 3.5.8 are vulnerable to this exploit.


Exploiting this vulnerability allows attackers to execute harmful actions, potentially leading to data breaches, unauthorized access, and reputation damage. It poses a significant threat to your website’s security and puts your visitors’ trust at risk.


To protect your website from potential attacks and ensure robust WordPress security, immediate action is crucial. Update your Image Photo Gallery Final Tiles Grid Plugin to the latest available version, 3.5.8, without delay. This critical update includes vital fixes to eliminate the vulnerability, safeguarding your website from potential XSS attacks and WordPress malware risks.

As responsible WordPress website owners, prioritizing security is paramount. Stay vigilant, update your plugins regularly, and follow the best security practices to maintain a secure online environment for your visitors and users. By promptly addressing vulnerabilities and staying informed about emerging threats, you can effectively mitigate risks and protect your WordPress website from potential harm.