Fooplugins

Foogallery

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2026-25363

  • EPSS 0.03%
  • Veröffentlicht 19.02.2026 08:26:59
  • Zuletzt bearbeitet 26.02.2026 20:31:36

Missing Authorization vulnerability in FooPlugins FooGallery foogallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FooGallery: from n/a through <= 3.1.11.

5.9

CVE-2026-25362

  • EPSS 0.03%
  • Veröffentlicht 19.02.2026 08:26:58
  • Zuletzt bearbeitet 20.02.2026 17:25:53

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FooPlugins FooGallery foogallery allows Stored XSS.This issue affects FooGallery: from n/a through <= 3.1.11.

4.3

CVE-2025-15524

  • EPSS 0.01%
  • Veröffentlicht 11.02.2026 01:23:33
  • Zuletzt bearbeitet 11.02.2026 15:27:26

The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_get_gallery_info() function in all versions up to, and including, 3.1.9. This makes it possible for authenticate...

5.4

CVE-2025-6068

  • EPSS 0.03%
  • Veröffentlicht 11.07.2025 07:23:00
  • Zuletzt bearbeitet 17.07.2025 13:11:47

The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption-title` & `data-caption-description` HTML attributes in all versions up to, ...

5.4

CVE-2024-12119

  • EPSS 0.09%
  • Veröffentlicht 08.03.2025 06:15:36
  • Zuletzt bearbeitet 13.03.2025 13:11:16

The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the default_gallery_title_size parameter in all versions up to, and including, 2.4.29 due to ...

4.3

CVE-2024-12114

  • EPSS 0.11%
  • Veröffentlicht 08.03.2025 06:15:35
  • Zuletzt bearbeitet 12.03.2025 16:24:29

The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogallery_attachment_modal_save AJAX a...

7.7

CVE-2023-6947

  • EPSS 3.46%
  • Veröffentlicht 10.12.2024 06:15:19
  • Zuletzt bearbeitet 24.02.2025 18:22:30

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26. This makes it possible for authenticated attackers, with contributor level or higher to read the co...

5.4

CVE-2024-2122

  • EPSS 5.1%
  • Veröffentlicht 14.06.2024 06:15:11
  • Zuletzt bearbeitet 21.11.2024 09:09:04

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. Th...

5.4

CVE-2024-2762

Exploit
  • EPSS 0.31%
  • Veröffentlicht 13.06.2024 06:15:11
  • Zuletzt bearbeitet 21.11.2024 09:10:27

The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author ...

5.4

CVE-2024-2081

  • EPSS 0.4%
  • Veröffentlicht 09.04.2024 19:15:26
  • Zuletzt bearbeitet 24.02.2025 18:18:52

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and o...