Description
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/extensions/albums/admin/class-meta boxes.php.
References (2)
Core 2
Core References
Various Sources third-party-advisory
https://fluidattacks.com/advisories/skims-10/
Product product
https://wordpress.org/plugins/foogallery/
Scores
CVSS v4
5.1
EPSS
0.0038
EPSS Percentile
30.4%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
bradvin/FooGallery - Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
2.4.29
Published
Feb 27, 2025
Tracked Since
Feb 18, 2026