cleantalk
Vulnerabilities and Security Researches

Best WordPress Gallery Plugin – FooGallery, CVE-2024-0604

CVE, Research URL

CVE-2024-0604

Home page URL

Security reports for Best WordPress Gallery Plugin – FooGallery

Application

Best WordPress Gallery Plugin – FooGallery

Published on
Feb 29, 2024
Research Description
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max 2.4.9.
Status
vulnerable
Previous vulnerability researches
FooGallery Captions (CVE-2025-23889) , Jan 25, 2025
Best WordPress Gallery Plugin – FooGallery (CVE-2022-4974) , Nov 15, 2024
Best WordPress Gallery Plugin – FooGallery (CVE-2025-22624) , Feb 28, 2025
Best WordPress Gallery Plugin – FooGallery (CVE-2023-29439) , Jun 07, 2024
Best WordPress Gallery Plugin – FooGallery (CVE-2023-44244) , Jun 07, 2024
New vulnerability
Simple File List (CVE-2025-34085) , Jul 13, 2025
Pakke Envíos (CVE-2025-52819) , Jul 13, 2025
Gwolle Guestbook (CVE-2025-5807) , Jul 13, 2025
Tennis Court Bookings (CVE-2025-52787) , Jul 13, 2025
WPC Smart Compare for WooCommerce (CVE-2025-5530) , Jul 13, 2025