VYPR
Vendor

Fooplugins

Products
2
CVEs
14
Across products
14
Status
Private

Products

2

Recent CVEs

14
  • CVE-2024-2122MedJun 14, 2024
    risk 0.42cvss 6.4epss 0.00

    The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-2081MedApr 9, 2024
    risk 0.42cvss 6.4epss 0.01

    The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes…

  • CVE-2024-2471MedApr 6, 2024
    risk 0.42cvss 6.4epss 0.00

    The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image attachment fields (such as 'Title', 'Alt Text', 'Custom URL', 'Custom Class', and 'Override Type') in all versions up to, and including, 2.4.14 due to insufficient input sanitization and…

  • CVE-2023-6747MedJan 3, 2024
    risk 0.42cvss 6.4epss 0.00

    The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2026-25362MedFeb 19, 2026
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FooPlugins FooGallery foogallery allows Stored XSS.This issue affects FooGallery: from n/a through <= 3.1.11.

  • CVE-2025-32139MedApr 10, 2025
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FooPlugins FooBox Image Lightbox foobox-image-lightbox.This issue affects FooBox Image Lightbox : from n/a through <= 2.7.33.

  • CVE-2024-0604MedFeb 29, 2024
    risk 0.29cvss 4.4epss 0.01

    The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2026-25363MedFeb 19, 2026
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in FooPlugins FooGallery foogallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FooGallery: from n/a through <= 3.1.11.

  • CVE-2023-29439May 16, 2023
    risk 0.05cvss epss 0.02

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.35 versions.

  • CVE-2025-6068Jul 11, 2025
    risk 0.00cvss epss 0.00

    The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption-title` & `data-caption-description` HTML attributes in all versions up to, and including, 2.4.31 due…

  • CVE-2024-12114Mar 8, 2025
    risk 0.00cvss epss 0.00

    The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogallery_attachment_modal_save AJAX action due to missing…

  • CVE-2024-12119Mar 8, 2025
    risk 0.00cvss epss 0.00

    The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the default_gallery_title_size parameter in all versions up to, and including, 2.4.29 due to insufficient input…

  • CVE-2024-2762Jun 13, 2024
    risk 0.00cvss epss 0.00

    The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site…

  • CVE-2023-44244Oct 2, 2023
    risk 0.00cvss epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.44 versions.