FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel

Information

Software Type Plugin
Software Slug foogallery (view on wordpress.org)
Software Status Active
Software Author bradvin
Software Website fooplugins.com
Software Downloads 5,496,613
Software Active Installs 100,000
Software Record Last Updated April 9, 2025

18 Vulnerabilities

Submit a Vulnerability
Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update
8.8
CVE ID Unknown
Feb 25, 2019
Researchers:
FooGallery <= 1.9.24 - Authenticated Cross-Site Scripting
8.3
CVE ID Unknown
May 4, 2020
Researcher: Vishnupriya Ilango
FooGallery <= 2.2.44 - Reflected Cross-Site Scripting
7.2
CVE-2023-44244
Sep 29, 2023
Researcher: R3N0
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Authenticated (Custom+) Stored Cross-Site Scripting via Album Title Size
6.4
CVE-2024-12119
Mar 7, 2025
Researcher: Stiofan
FooGallery <= 2.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Custom URL
6.4
CVE-2024-2122
Jun 13, 2024
Researcher: Robert Kruczek (ProXy)
FooGallery (Free and Premium) < 2.4.15 - Authenticated (Author+) Stored Cross-Site Scripting
6.4
CVE-2024-2762
May 23, 2024
Researcher: Dmitrii Ignatyev
FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting
6.4
CVE-2024-2081
Apr 5, 2024
Researcher: Robert Kruczek (ProXy)
FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attachment Fields
6.4
CVE-2024-2471
Apr 5, 2024
Researcher: Tim Coen
FooGallery Premium <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2023-6747
Jan 2, 2024
Researchers: Webbernaut, Debangshu Kundu, Arpeet Rathi, István Márton
FooGallery <= 2.0.34 - Stored Cross-Site Scripting
6.4
CVE-2021-24357
May 31, 2021
Researcher: avolume
Freemius SDK <= 2.4.2 - Missing Authorization Checks
6.3
CVE-2022-4974
Mar 4, 2022
Researchers:
FooGallery <= 2.4.29 - Reflected Cross-Site Scripting
6.1
CVE-2025-22624
Feb 27, 2025
Researcher: Andres Roldan
Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
6.1
CVE-2023-33999
Jul 18, 2023
Researcher: Rafie Muhammad
FooGallery <= 2.2.35 - Reflected Cross-Site Scripting
6.1
CVE-2023-29439
Apr 13, 2023
Researcher: LOURCODE
FooGallery <= 1.8.12 - Cross-Site Scripting
4.8
CVE-2019-20182
Jun 1, 2020
Researcher: Pablo Santiago
Best WordPress Gallery Plugin – FooGallery <= 2.4.7 -Authenticated(Administrator+) Stored Cross-Site Scripting via settings
4.4
CVE-2024-0604
Feb 14, 2024
Researcher: Akbar Kustirama
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates
4.3
CVE-2024-12114
Mar 7, 2025
Researcher: Stiofan
FooGallery <= 2.2.44 - Cross-Site Request Forgery
4.3
CVE-2023-44233
Sep 29, 2023
Researcher: R3N0
Title Status CVE ID CVSS Researchers Date
Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update Patched 8.8 February 25, 2019
FooGallery <= 1.9.24 - Authenticated Cross-Site Scripting Patched 8.3 Vishnupriya Ilango May 4, 2020
FooGallery <= 2.2.44 - Reflected Cross-Site Scripting Patched CVE-2023-44244 7.2 R3N0 September 29, 2023
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Authenticated (Custom+) Stored Cross-Site Scripting via Album Title Size Patched CVE-2024-12119 6.4 Stiofan March 7, 2025
FooGallery <= 2.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Custom URL Patched CVE-2024-2122 6.4 Robert Kruczek (ProXy) June 13, 2024
FooGallery (Free and Premium) < 2.4.15 - Authenticated (Author+) Stored Cross-Site Scripting Patched CVE-2024-2762 6.4 Dmitrii Ignatyev May 23, 2024
FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting Patched CVE-2024-2081 6.4 Robert Kruczek (ProXy) April 5, 2024
FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attachment Fields Patched CVE-2024-2471 6.4 Tim Coen April 5, 2024
FooGallery Premium <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2023-6747 6.4 Webbernaut, Debangshu Kundu, Arpeet Rathi, István Márton January 2, 2024
FooGallery <= 2.0.34 - Stored Cross-Site Scripting Patched CVE-2021-24357 6.4 avolume May 31, 2021
Freemius SDK <= 2.4.2 - Missing Authorization Checks Patched CVE-2022-4974 6.3 March 4, 2022
FooGallery <= 2.4.29 - Reflected Cross-Site Scripting Patched CVE-2025-22624 6.1 Andres Roldan February 27, 2025
Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get Patched CVE-2023-33999 6.1 Rafie Muhammad July 18, 2023
FooGallery <= 2.2.35 - Reflected Cross-Site Scripting Patched CVE-2023-29439 6.1 LOURCODE April 13, 2023
FooGallery <= 1.8.12 - Cross-Site Scripting Patched CVE-2019-20182 4.8 Pablo Santiago June 1, 2020
Best WordPress Gallery Plugin – FooGallery <= 2.4.7 -Authenticated(Administrator+) Stored Cross-Site Scripting via settings Patched CVE-2024-0604 4.4 Akbar Kustirama February 14, 2024
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates Patched CVE-2024-12114 4.3 Stiofan March 7, 2025
FooGallery <= 2.2.44 - Cross-Site Request Forgery Patched CVE-2023-44233 4.3 R3N0 September 29, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

This site uses cookies in accordance with our Privacy Policy.