CVE-2025-22624

FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 - Reflected cross-site scripting (XSS)

CVSS 5.1 MEDIUMEPSS 0.4%CWE-79

FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/extensions/albums/admin/class-meta boxes.php.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

Affected products

bradvin · FooGallery - Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fluidattacks.com/advisories/skims-10/https://wordpress.org/plugins/foogallery/