cleantalk
Vulnerabilities and Security Researches

Best WordPress Gallery Plugin – FooGallery, CVE-2024-2081

CVE, Research URL

CVE-2024-2081

Home page URL

Security reports for Best WordPress Gallery Plugin – FooGallery

Application

Best WordPress Gallery Plugin – FooGallery

Published on
Apr 10, 2024
Research Description
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.4.15.
Status
vulnerable
Previous vulnerability researches
FooGallery Captions (CVE-2025-23889) , Jan 25, 2025
Best WordPress Gallery Plugin – FooGallery (CVE-2022-4974) , Nov 15, 2024
Best WordPress Gallery Plugin – FooGallery (CVE-2025-22624) , Feb 28, 2025
Best WordPress Gallery Plugin – FooGallery (CVE-2023-29439) , Jun 07, 2024
Best WordPress Gallery Plugin – FooGallery (CVE-2023-44244) , Jun 07, 2024
New vulnerability
Simple File List (CVE-2025-34085) , Jul 13, 2025
Pakke Envíos (CVE-2025-52819) , Jul 13, 2025
Gwolle Guestbook (CVE-2025-5807) , Jul 13, 2025
Tennis Court Bookings (CVE-2025-52787) , Jul 13, 2025
WPC Smart Compare for WooCommerce (CVE-2025-5530) , Jul 13, 2025