11 matches found
CVE-2025-15524
The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxgetgalleryinfo function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
CVE-2025-15524
The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxgetgalleryinfo function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
CVE-2025-15524
The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxgetgalleryinfo function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
CVE-2025-15524
CVE-2025-15524 affects the WordPress plugin Gallery by FooGallery (versions up to and including 3.1.9). A missing capability check in ajax_get_gallery_info() allows authenticated users with Subscriber-level access and above to enumerate gallery IDs and retrieve private/draft/password-protected ga...
CVE-2025-15524 Gallery by FooGallery <= 3.1.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Gallery Metadata Exposure
The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxgetgalleryinfo function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
CVE-2025-15524 Gallery by FooGallery <= 3.1.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Gallery Metadata Exposure
The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxgetgalleryinfo function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
PT-2026-7481
The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax get gallery info function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and...
EUVD-2025-197688
The Contest Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 28.0.2. This is due to the plugin registering the cgcheckwpadminuploadv10 AJAX action for both authenticated and unauthenticated users without implementing capability checks or non...
CVE-2025-12849 Contest Gallery <= 28.0.2 - Missing Authorization
The Contest Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 28.0.2. This is due to the plugin registering the cgcheckwpadminuploadv10 AJAX action for both authenticated and unauthenticated users without implementing capability checks or non...
CVE-2025-12849 Contest Gallery <= 28.0.2 - Missing Authorization
The Contest Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 28.0.2. This is due to the plugin registering the cgcheckwpadminuploadv10 AJAX action for both authenticated and unauthenticated users without implementing capability checks or non...
PT-2025-47044
Name of the Vulnerable Software and Affected Versions Contest Gallery plugin for WordPress versions up to and including 28.0.2 Description The Contest Gallery plugin for WordPress is susceptible to authorization bypass. The plugin registers the cg check wp admin upload v10 AJAX action for both...