FooGallery - Reflected cross-site scripting (XSS)
Detected by

Fluid Attacks SAST Scanner
Disclosed by Andres Roldan
Summary
Full name
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 - Reflected cross-site scripting (XSS)
Code name
State
Public
Release date
5 de mar. de 2024
Affected product
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel
Affected version(s)
Version 2.4.29
Fixed version(s)
2.4.30
Vulnerability name
Reflected cross-site scripting (XSS)
Vulnerability type
Remotely exploitable
No
CVSS v4.0 vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
CVSS v4.0 base score
5.1
Exploit available
No
CVE ID(s)
Description
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/extensions/albums/admin/class-meta boxes.php.
Vulnerability
Skims by Fluid Attacks discovered a Reflected cross-site scripting (XSS) in FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29. The following is the output of the tool:
Skims output
Our security policy
We have reserved the ID CVE-2025-22624 to refer to this issue from now on.
System Information
Version: FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29
References
Product: https://wordpress.org/plugins/foogallery/
Mitigation
An updated version of FooGallery is available at the vendor page.
Credits
The vulnerability was discovered by Andres Roldan from Fluid Attacks' Offensive Team using Fluid Attacks' SAST Scanner.
Timeline
6 de dez. de 2024
Vulnerability discovered
21 de fev. de 2025
Vendor contacted
4 de mar. de 2025
Vulnerability patched
5 de mar. de 2025
Public disclosure
Does your application use this vulnerable software?
During our free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.