CVE-2025-22624

MEDIUM

FooGallery 2.4.29 - Info Disclosure

Title source: llm
STIX 2.1

Description

FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/extensions/albums/admin/class-meta boxes.php.

References (2)

Core 2
Core References
Various Sources third-party-advisory
https://fluidattacks.com/advisories/skims-10/

Scores

CVSS v4 5.1
EPSS 0.0038
EPSS Percentile 30.4%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
bradvin/FooGallery - Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel 2.4.29
Published Feb 27, 2025
Tracked Since Feb 18, 2026