Vulnerabilities and security researches forfoogallery foogallery

Direction: ascending

Jun 07, 2024

Best WordPress Gallery Plugin – FooGallery # CVE-2023-29439

CVE, Research URL: CVE-2023-29439
Home page URL: Security reports for Best WordPress Gallery Plugin – FooGallery
Application: Best WordPress Gallery Plugin – FooGallery
Date: May 16, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.35 versions.
Affected versions: Min -, max -.
Status: vulnerable

Best WordPress Gallery Plugin – FooGallery # CVE-2023-44244

CVE, Research URL: CVE-2023-44244
Home page URL: Security reports for Best WordPress Gallery Plugin – FooGallery
Application: Best WordPress Gallery Plugin – FooGallery
Date: Oct 02, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.44 versions.
Affected versions: Min -, max -.
Status: vulnerable

Best WordPress Gallery Plugin – FooGallery # CVE-2019-20182

CVE, Research URL: CVE-2019-20182
Home page URL: Security reports for Best WordPress Gallery Plugin – FooGallery
Application: Best WordPress Gallery Plugin – FooGallery
Date: Jan 10, 2020
Research Description: The FooGallery plugin 1.8.12 for WordPress allow XSS via the post_title parameter.
Affected versions: Min -, max -.
Status: vulnerable

Best WordPress Gallery Plugin – FooGallery # CVE-2021-24357

CVE, Research URL: CVE-2021-24357
Home page URL: Security reports for Best WordPress Gallery Plugin – FooGallery
Application: Best WordPress Gallery Plugin – FooGallery
Date: Jun 14, 2021
Research Description: In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being being output in the page where the gallery is embed, leading to a stored Cross-Site Scripting issue.
Affected versions: Min -, max -.
Status: vulnerable

Best WordPress Gallery Plugin – FooGallery # CVE-2024-2081

CVE, Research URL: CVE-2024-2081
Home page URL: Security reports for Best WordPress Gallery Plugin – FooGallery
Application: Best WordPress Gallery Plugin – FooGallery
Date: Apr 10, 2024
Research Description: The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Best WordPress Gallery Plugin – FooGallery # CVE-2024-2762

CVE, Research URL: CVE-2024-2762
Home page URL: Security reports for Best WordPress Gallery Plugin – FooGallery
Application: Best WordPress Gallery Plugin – FooGallery
Date: Jun 13, 2024
Research Description: The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin
Affected versions: Min -, max -.
Status: vulnerable

Best WordPress Gallery Plugin – FooGallery # CVE-2024-2471

CVE, Research URL: CVE-2024-2471
Home page URL: Security reports for Best WordPress Gallery Plugin – FooGallery
Application: Best WordPress Gallery Plugin – FooGallery
Date: Apr 06, 2024
Research Description: The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image attachment fields (such as 'Title', 'Alt Text', 'Custom URL', 'Custom Class', and 'Override Type') in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Best WordPress Gallery Plugin – FooGallery # CVE-2024-0604

CVE, Research URL: CVE-2024-0604
Home page URL: Security reports for Best WordPress Gallery Plugin – FooGallery
Application: Best WordPress Gallery Plugin – FooGallery
Date: Feb 29, 2024
Research Description: The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: Min -, max -.
Status: vulnerable

Best WordPress Gallery Plugin – FooGallery # CVE-2023-44233

CVE, Research URL: CVE-2023-44233
Home page URL: Security reports for Best WordPress Gallery Plugin – FooGallery
Application: Best WordPress Gallery Plugin – FooGallery
Date: Oct 06, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin – FooGallery plugin <= 2.2.44 versions.
Affected versions: Min -, max -.
Status: vulnerable

Jun 17, 2024

Best WordPress Gallery Plugin – FooGallery # CVE-2024-2122

CVE, Research URL: CVE-2024-2122
Home page URL: Security reports for Best WordPress Gallery Plugin – FooGallery
Application: Best WordPress Gallery Plugin – FooGallery
Date: Jun 14, 2024
Research Description: The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Nov 15, 2024

Best WordPress Gallery Plugin – FooGallery # CVE-2022-4974

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for Best WordPress Gallery Plugin – FooGallery
Application: Best WordPress Gallery Plugin – FooGallery
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: Min -, max -.
Status: vulnerable

Feb 28, 2025

Best WordPress Gallery Plugin – FooGallery # CVE-2025-22624

CVE, Research URL: CVE-2025-22624
Home page URL: Security reports for Best WordPress Gallery Plugin – FooGallery
Application: Best WordPress Gallery Plugin – FooGallery
Date: Feb 28, 2025
Research Description: FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/extensions/albums/admin/class-meta boxes.php.
Affected versions: Min -, max -.
Status: vulnerable

Mar 09, 2025

Best WordPress Gallery Plugin – FooGallery # CVE-2024-12119

CVE, Research URL: CVE-2024-12119
Home page URL: Security reports for Best WordPress Gallery Plugin – FooGallery
Application: Best WordPress Gallery Plugin – FooGallery
Date: Mar 08, 2025
Research Description: The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the default_gallery_title_size parameter in all versions up to, and including, 2.4.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with granted gallery and album creator roles, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Best WordPress Gallery Plugin – FooGallery # CVE-2024-12114

CVE, Research URL: CVE-2024-12114
Home page URL: Security reports for Best WordPress Gallery Plugin – FooGallery
Application: Best WordPress Gallery Plugin – FooGallery
Date: Mar 08, 2025
Research Description: The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogallery_attachment_modal_save AJAX action due to missing validation on a user controlled key (img_id). This makes it possible for authenticated attackers, with granted access and above, to update arbitrary post and page content. This requires the Gallery Creator Role setting to be a value lower than 'Editor' for there to be any real impact.
Affected versions: Min -, max -.
Status: vulnerable

Jul 12, 2025

Best WordPress Gallery Plugin – FooGallery # CVE-2025-6068

CVE, Research URL: CVE-2025-6068
Home page URL: Security reports for Best WordPress Gallery Plugin – FooGallery
Application: Best WordPress Gallery Plugin – FooGallery
Date: Jul 11, 2025
Research Description: The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption-title` & `data-caption-description` HTML attributes in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable