Vulnerabilities > Fooplugins > Foogallery > 2.4.15
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-08 | CVE-2024-12114 | Authorization Bypass Through User-Controlled Key vulnerability in Fooplugins Foogallery. The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogallery_attachment_modal_save AJAX action due to missing validation on a user controlled key (img_id). | 4.3 |
2025-03-08 | CVE-2024-12119 | Cross-site Scripting vulnerability in Fooplugins Foogallery. The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the default_gallery_title_size parameter in all versions up to, and including, 2.4.29 due to insufficient input sanitization and output escaping. | 5.4 |
2024-12-10 | CVE-2023-6947 | Path Traversal vulnerability in Fooplugins Foogallery 2.4.15. The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26. | 7.7 |
2024-06-14 | CVE-2024-2122 | Cross-site Scripting vulnerability in Fooplugins Foogallery. The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. | 5.4 |