Vulnerabilities > Fooplugins > Foogallery > 2.4.16
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-08 | CVE-2024-12114 | Authorization Bypass Through User-Controlled Key vulnerability in Fooplugins Foogallery. The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogallery_attachment_modal_save AJAX action due to missing validation on a user-controlled key (img_id). | 4.3 |
2025-03-08 | CVE-2024-12119 | Cross-site Scripting vulnerability in Fooplugins Foogallery. The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the default_gallery_title_size parameter in all versions up to, and including, 2.4.29 due to insufficient input sanitization and output escaping. | 5.4 |