cleantalk
Vulnerabilities and Security Researches

Best WordPress Gallery Plugin – FooGallery, CVE-2025-15524

CVE, Research URL

CVE-2025-15524

Home page URL

Security reports for Best WordPress Gallery Plugin – FooGallery

Application

Best WordPress Gallery Plugin – FooGallery

Published on
Feb 11, 2026
Research Description
The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_get_gallery_info() function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve metadata (name, image count, thumbnail URL) of private, draft, and password-protected galleries by enumerating gallery IDs.
Affected versions
max 3.1.10.
Status
vulnerable
Previous vulnerability researches
Squeeze (CVE-2024-35767) , Jun 22, 2024
Squeeze (CVE-2025-31002) , Apr 11, 2025
Squeeze (CVE-2025-31003) , Apr 11, 2025
Squeeze (CVE-2026-32415) , Mar 29, 2026
New vulnerability
BackWPup – WordPress Backup Plugin (CVE-2025-15041) , Mar 29, 2026
hCaptcha for WordPress (CVE-2026-25315) , Mar 29, 2026
Breeze – WordPress Cache Plugin (CVE-2025-13864) , Mar 29, 2026
SMTP Mailer (CVE-2026-32538) , Mar 29, 2026
Best WordPress Gallery Plugin – FooGallery (CVE-2026-25362) , Mar 29, 2026