🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Best WordPress Gallery Plugin – FooGallery

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Best WordPress Gallery Plugin – FooGallery

Information

Software Type	Plugin
Software Slug	foogallery (view on wordpress.org)
Software Status	Active
Software Author	bradvin
Software Website	fooplugins.com
Software Downloads	4,934,144
Software Active Installs	100,000
Software Record Last Updated	May 19, 2024

13 Vulnerabilities

Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update

8.8

CVE ID Unknown

Feb 25, 2019

Researchers:

FooGallery <= 1.9.24 - Authenticated Cross-Site Scripting

8.3

CVE ID Unknown

May 4, 2020

Researcher: Vishnupriya Ilango

FooGallery <= 2.2.44 - Reflected Cross-Site Scripting

7.2

CVE-2023-44244

Sep 29, 2023

Researcher: Vladislav Pokrovsky (ΞX.MI)

FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attachment Fields

6.4

CVE-2024-2471

Apr 5, 2024

Researcher: Tim Coen

FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVE-2024-2081

Apr 5, 2024

Researcher: Robert Kruczek (ProXy)

FooGallery Premium <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-6747

Jan 2, 2024

Researchers: Webbernaut, Debangshu Kundu, Arpeet Rathi, István Márton

FooGallery <= 2.0.34 - Stored Cross-Site Scripting

6.4

CVE-2021-24357

May 31, 2021

Researcher: avolume

Freemius SDK <= 2.4.2 - Missing Authorization Checks

6.3

CVE ID Unknown

Mar 4, 2022

Researchers:

Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get

6.1

CVE-2023-33999

Jul 18, 2023

Researcher: Rafie Muhammad

FooGallery <= 2.2.35 - Reflected Cross-Site Scripting

6.1

CVE-2023-29439

Apr 13, 2023

Researcher: LOURCODE

FooGallery <= 1.8.12 - Cross-Site Scripting

4.8

CVE-2019-20182

Jun 1, 2020

Researcher: Pablo Santiago

Best WordPress Gallery Plugin – FooGallery <= 2.4.7 -Authenticated(Administrator+) Stored Cross-Site Scripting via settings

4.4

CVE-2024-0604

Feb 14, 2024

Researcher: Akbar Kustirama

FooGallery <= 2.2.44 - Cross-Site Request Forgery

4.3

CVE-2023-44233

Sep 29, 2023

Researcher: Vladislav Pokrovsky (ΞX.MI)

Title	Status	CVE ID	CVSS	Researchers	Date
Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update	Patched		8.8		February 25, 2019
FooGallery <= 1.9.24 - Authenticated Cross-Site Scripting	Patched		8.3	Vishnupriya Ilango	May 4, 2020
FooGallery <= 2.2.44 - Reflected Cross-Site Scripting	Patched	CVE-2023-44244	7.2	Vladislav Pokrovsky (ΞX.MI)	September 29, 2023
FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attachment Fields	Patched	CVE-2024-2471	6.4	Tim Coen	April 5, 2024
FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting	Patched	CVE-2024-2081	6.4	Robert Kruczek (ProXy)	April 5, 2024
FooGallery Premium <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2023-6747	6.4	Webbernaut, Debangshu Kundu, Arpeet Rathi, István Márton	January 2, 2024
FooGallery <= 2.0.34 - Stored Cross-Site Scripting	Patched	CVE-2021-24357	6.4	avolume	May 31, 2021
Freemius SDK <= 2.4.2 - Missing Authorization Checks	Patched		6.3		March 4, 2022
Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get	Patched	CVE-2023-33999	6.1	Rafie Muhammad	July 18, 2023
FooGallery <= 2.2.35 - Reflected Cross-Site Scripting	Patched	CVE-2023-29439	6.1	LOURCODE	April 13, 2023
FooGallery <= 1.8.12 - Cross-Site Scripting	Patched	CVE-2019-20182	4.8	Pablo Santiago	June 1, 2020
Best WordPress Gallery Plugin – FooGallery <= 2.4.7 -Authenticated(Administrator+) Stored Cross-Site Scripting via settings	Patched	CVE-2024-0604	4.4	Akbar Kustirama	February 14, 2024
FooGallery <= 2.2.44 - Cross-Site Request Forgery	Patched	CVE-2023-44233	4.3	Vladislav Pokrovsky (ΞX.MI)	September 29, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation