49 matches found
CVE-2026-25362
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FooPlugins FooGallery foogallery allows Stored XSS. This issue affects FooGallery: from n/a through <= 3.1.11...
CVE-2025-15524
CVE-2025-15524 affects the WordPress plugin Gallery by FooGallery (versions up to and including 3.1.9). A missing capability check in ajax_get_gallery_info() allows authenticated users with Subscriber-level access and above to enumerate gallery IDs and retrieve private/draft/password-protected ga...
CVE-2019-20182
The FooGallery plugin 1.8.12 for WordPress allows XSS via the posttitle parameter...
CVE-2023-29439
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.35 versions...
CVE-2024-2081
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogalleryattachmentmodalsave action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-2471
The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image attachment fields such as 'Title', 'Alt Text', 'Custom URL', 'Custom Class', and 'Override Type' in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This...
EUVD-2024-27420
Malicious code in bioql PyPI...
EUVD-2023-48603
Malicious code in bioql PyPI...
EUVD-2023-58960
Malicious code in bioql PyPI...
EUVD-2023-48592
Malicious code in bioql PyPI...
CVE-2025-6068
The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-caption-title & data-caption-description HTML attributes in all versions up to, and including, 2.4.31 due to insufficient input...
CVE-2025-6068
Summary (CVE-2025-6068) The FooGallery plugin for WordPress (versions up to and including 2.4.31) is affected by a stored DOM-based cross-site scripting vulnerability. The issue arises from insufficient input sanitization and output escaping in the data-caption-title and data-caption-description ...
PT-2025-29214 · WordPress · Foogallery
Name of the Vulnerable Software and Affected Versions: FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress versions through 2.4.31 Description: The FooGallery plugin for WordPress is susceptible to Stored Cross-Site Scripting due to insufficient...
WordPress plugin FooGallery cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin FooGallery has a cross-site scripting vulnerability, the vulnerability stems from the...
CVE-2024-0604
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-44233
Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin – FooGallery plugin <= 2.2.44 versions...
CVE-2023-44244
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.44 versions...
CVE-2023-6947
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26. This makes it possible for authenticated attackers, with contributor level or higher to read the contents of arbitrary folders on the server, whic...
CVE-2021-24357
In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being output in the page where the gallery is embedded, leading to a stored Cross-Site Scripting issue...
CVE-2024-12114
The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogalleryattachmentmodalsave AJAX action due to missing validation on a user controll...