52 matches found
CVE-2026-9134
The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcode parameter in versions up to, and including, 3.1.31. This is due to an incomplete JavaScript event handler blacklist in the foogallery_sanitize_javascript function, which blocks onl...
CVE-2026-9134
The FooGallery WordPress plugin is vulnerable to Stored XSS in versions up to 3.1.31 through the custom_attribute_key shortcode parameter. Root cause: incomplete JavaScript event handler blacklist in foogallery_sanitize_javascript() and failure to escape the attribute key in foogallery_build_cont...
CVE-2026-9134 Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_attribute_key' Shortcode Parameter
The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcode parameter in versions up to, and including, 3.1.31. This is due to an incomplete JavaScript event handler blacklist in the foogallery_sanitize_javascript function, which blocks onl...
CVE-2026-25362
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FooPlugins FooGallery foogallery allows Stored XSS. This issue affects FooGallery: from n/a through = 3.1.11...
CVE-2025-15524
CVE-2025-15524 affects the WordPress plugin Gallery by FooGallery (versions up to and including 3.1.9). A missing capability check in ajax_get_gallery_info() allows authenticated users with Subscriber-level access and above to enumerate gallery IDs and retrieve private/draft/password-protected ga...
CVE-2019-20182
The FooGallery plugin 1.8.12 for WordPress allows XSS via the posttitle parameter...
CVE-2023-29439
Unauth. Reflected Cross-Site Scripting XSS vulnerability in FooPlugins FooGallery plugin = 2.2.35 versions...
CVE-2024-2081
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogalleryattachmentmodalsave action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-2471
The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image attachment fields such as 'Title', 'Alt Text', 'Custom URL', 'Custom Class', and 'Override Type' in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This...
EUVD-2023-48592
Malicious code in bioql PyPI...
EUVD-2024-27420
Malicious code in bioql PyPI...
EUVD-2023-58960
Malicious code in bioql PyPI...
EUVD-2023-48603
Malicious code in bioql PyPI...
CVE-2025-6068
The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-caption-title & data-caption-description HTML attributes in all versions up to, and including, 2.4.31 due to insufficient input...
CVE-2025-6068
Summary (CVE-2025-6068) The FooGallery plugin for WordPress (versions up to and including 2.4.31) is affected by a stored DOM-based cross-site scripting vulnerability. The issue arises from insufficient input sanitization and output escaping in the data-caption-title and data-caption-description ...
WordPress plugin FooGallery cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin FooGallery has a cross-site scripting vulnerability, the vulnerability stems from the...
PT-2025-29214 · WordPress · Foogallery
Name of the Vulnerable Software and Affected Versions: FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress versions through 2.4.31 Description: The FooGallery plugin for WordPress is susceptible to Stored Cross-Site Scripting due to insufficient...
CVE-2024-0604
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-44233
Cross-Site Request Forgery CSRF vulnerability in FooPlugins Best WordPress Gallery Plugin – FooGallery plugin = 2.2.44 versions...
CVE-2023-44244
Unauth. Reflected Cross-Site Scripting XSS vulnerability in FooPlugins FooGallery plugin = 2.2.44 versions...