cleantalk
Vulnerabilities and Security Researches

Best WordPress Gallery Plugin – FooGallery, CVE-2025-15524

CVE, Research URL

CVE-2025-15524

Home page URL

Security reports for Best WordPress Gallery Plugin – FooGallery

Application

Best WordPress Gallery Plugin – FooGallery

Published on
Feb 11, 2026
Research Description
The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_get_gallery_info() function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve metadata (name, image count, thumbnail URL) of private, draft, and password-protected galleries by enumerating gallery IDs.
Affected versions
max 3.1.10.
Status
vulnerable
Previous vulnerability researches
Nelio AB Testing (CVE-2026-25378) , Feb 27, 2026
Nelio AB Testing (CVE-2016-10977) , Jun 06, 2024
Nelio AB Testing (CVE-2016-10926) , Jun 06, 2024
Nelio AB Testing (CVE-2016-10927) , Jun 06, 2024
Nelio AB Testing (CVE-2017-18547) , Jun 06, 2024
New vulnerability
BackWPup – WordPress Backup Plugin (CVE-2025-15041) , Mar 29, 2026
hCaptcha for WordPress (CVE-2026-25315) , Mar 29, 2026
Breeze – WordPress Cache Plugin (CVE-2025-13864) , Mar 29, 2026
SMTP Mailer (CVE-2026-32538) , Mar 29, 2026
Best WordPress Gallery Plugin – FooGallery (CVE-2026-25362) , Mar 29, 2026