VYPR

Foogallery

by WordPress

CVEs (11)

  • CVE-2024-2081 · Med · Apr 9, 2024
    risk 0.42 · cvss 6.4 · epss 0.01

    The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes…

  • CVE-2024-2471 · Med · Apr 6, 2024
    risk 0.42 · cvss 6.4 · epss 0.00

    The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image attachment fields (such as 'Title', 'Alt Text', 'Custom URL', 'Custom Class', and 'Override Type') in all versions up to, and including, 2.4.14 due to insufficient input sanitization and…

  • CVE-2023-6747 · Med · Jan 3, 2024
    risk 0.42 · cvss 6.4 · epss 0.00

    The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2026-9134 · Med · Jun 13, 2026
    risk 0.35 · cvss 6.4 · epss 0.00

    The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcode parameter in versions up to, and including, 3.1.31. This is due to an incomplete JavaScript event handler blacklist in the foogallery_sanitize_javascript()…

  • CVE-2025-22624 · Med · Feb 27, 2025
    risk 0.33 · cvss · epss 0.00

    FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in…

  • CVE-2024-0604 · Med · Feb 29, 2024
    risk 0.29 · cvss 4.4 · epss 0.01

    The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2023-29439 · May 16, 2023
    risk 0.05 · cvss · epss 0.02

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.35 versions.

  • CVE-2023-44233 · Oct 6, 2023
    risk 0.00 · cvss · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin – FooGallery plugin <= 2.2.44 versions.

  • CVE-2023-44244 · Oct 2, 2023
    risk 0.00 · cvss · epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.44 versions.

  • CVE-2021-24357 · Jun 14, 2021
    risk 0.00 · cvss · epss 0.01

    In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being output in the page where the gallery is embedded, leading to a stored Cross-Site…

  • CVE-2019-20182 · Jan 9, 2020
    risk 0.00 · cvss · epss 0.01

    The FooGallery plugin 1.8.12 for WordPress allows XSS via the post_title parameter.