
Fooplugins Foogallery vulnerabilities

17 known vulnerabilities affecting fooplugins/foogallery.

Total CVEs: 17
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 15

Vulnerabilities

CVE-2023-29439 | P3 | MEDIUM | CVSS 6.1 | PoC available | affected ≤ 2.2.35 (≥ n/a, ≤ 2.2.35) | 2023-05-16
CWE-79: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.35 versions.
Source: nvd
CVE-2023-6947 | P3 | HIGH | CVSS 7.7 | fixed in 2.4.27 | 2024-12-10
CWE-25: The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26. This makes it possible for authenticated attackers, with contributor level or higher to read the contents of arbitrary folders on the server, which can contain sensitive information such as folder structur
Source: nvd
CVE-2023-44233 | P4 | HIGH | CVSS 8.8 | affected ≤ 2.2.44 | 2023-10-06
CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin – FooGallery plugin <= 2.2.44 versions.
Source: nvd
CVE-2024-2081 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.4.15 | 2024-04-09
CWE-79: The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above,
Source: nvd
CVE-2024-2122 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.4.16 | 2024-06-14
CWE-79: The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arb
Source: nvd
CVE-2024-12119 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.4.30 | 2025-03-08
CWE-79: The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the default_gallery_title_size parameter in all versions up to, and including, 2.4.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker
Source: nvd
CVE-2025-6068 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.4.32 | 2025-07-11
CWE-79: The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption-title` & `data-caption-description` HTML attributes in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping. This makes it possible
Source: nvd
CVE-2024-12114 | P4 | MEDIUM | CVSS 4.3 | fixed in 2.4.30 | 2025-03-08
CWE-639: The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogallery_attachment_modal_save AJAX action due to missing validation on a user controlled key (img_id). This makes it possible for authent
Source: nvd
CVE-2021-24357 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.0.35 | 2021-06-14
CWE-79: In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being output in the page where the gallery is embedded, leading to a stored Cross-Site Scripting issue.
Source: nvd
CVE-2023-6747 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.4.6 | 2024-01-03
CWE-79: The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for contributors and above to inject arbitrary web scripts in pages that will execute wh
Source: nvd
CVE-2024-2762 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.4.15 | 2024-06-13
CWE-79: The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as ad
Source: nvd
CVE-2024-2471 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.4.15 | 2024-04-06
CWE-79: The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image attachment fields (such as 'Title', 'Alt Text', 'Custom URL', 'Custom Class', and 'Override Type') in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with au
Source: nvd
CVE-2023-44244 | P4 | MEDIUM | CVSS 6.1 | affected ≤ 2.2.44 (≥ n/a, ≤ 2.2.44) | 2023-10-02
CWE-79: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.44 versions.
Source: nvd
CVE-2026-25363 | P4 | MEDIUM | CVSS 4.3 | affected ≤ 3.1.11 | 2026-02-19
CWE-862: Missing Authorization vulnerability in FooPlugins FooGallery foogallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FooGallery: from n/a through <= 3.1.11.
Source: nvd
CVE-2026-25362 | P4 | MEDIUM | CVSS 5.9 | affected ≤ 3.1.11 | 2026-02-19
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FooPlugins FooGallery foogallery allows Stored XSS. This issue affects FooGallery: from n/a through <= 3.1.11.
Source: nvd
CVE-2019-20182 | P4 | MEDIUM | CVSS 4.8 | affected ≤ 1.8.12 | 2020-01-09
CWE-79: The FooGallery plugin 1.8.12 for WordPress allows XSS via the post_title parameter.
Source: nvd
CVE-2024-0604 | P4 | MEDIUM | CVSS 4.8 | affected ≤ 2.4.7 | 2024-02-29
CWE-79: The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrar
Source: nvd