cleantalk
Vulnerabilities and Security Researches

Best WordPress Gallery Plugin – FooGallery, a7b60e5306ff87b47b34a38b5df1649b0ec9bedc

CVE, Research URL

a7b60e5306ff87b47b34a38b5df1649b0ec9bedc

Home page URL

Security reports for Best WordPress Gallery Plugin – FooGallery

Application

Best WordPress Gallery Plugin – FooGallery

Published on
May 04, 2020
Research Description
Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery &amp; Carousel [foogallery] < 1.9.25 FooGallery <= 1.9.24 - Authenticated Cross-Site Scripting The FooGallery plugin for WordPress is vulnerable to Cross-Site Scripting via the image title and caption parameters in the gallery media upload editor in versions up to, and including, 1.9.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.9.25.
Status
vulnerable
Previous vulnerability researches
Advance WP Query Search Filter (CVE-2025-26743) , Apr 15, 2025
Advance WP Query Search Filter (CVE-2025-14313) , Jan 10, 2026
Advance WP Query Search Filter (CVE-2025-14312) , Jan 10, 2026
New vulnerability
Easy Property Listings (954d639ee9d1925f0cd9c00bb886c0287fb1a0a4) , Jun 16, 2026
WordPress HelpDesk &amp; Support Ticket System Plugin &#8211; Octrace Support (a555f6c8f7dedd7ce1dc2bf0320a81620e185888) , Jun 16, 2026
Content Cards (db15348b77f6369b1ad606fa45976463479a86ea) , Jun 16, 2026
Simple Sitemap &#8211; Create a Responsive HTML Sitemap (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
Simple Sitemap &#8211; Create a Responsive HTML Sitemap (c994f986ce9fb7973cea8c145410cc031c9bab4b) , Jun 16, 2026