Description
The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_get_gallery_info() function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve metadata (name, image count, thumbnail URL) of private, draft, and password-protected galleries by enumerating gallery IDs.
Published: 2026-02-11
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Update
AI Analysis

Impact

The Gallery by FooGallery plugin for WordPress contains a missing capability check in its ajax_get_gallery_info() function, allowing subscribers and higher-privileged users to request metadata for private, draft, or password‑protected galleries. An attacker who can log in with a Subscriber account can enumerate gallery IDs and retrieve names, image counts, and thumbnail URLs, exposing sensitive details about unsanctioned content. The weakness aligns with CWE‑862, highlighting insufficient authorization checks for data access.

Affected Systems

Fooplugins off the Gallery by FooGallery plugin, all released versions up to and including 3.1.9 are affected. Any WordPress installation using these versions can potentially expose private gallery metadata to authenticated users.

Risk and Exploitability

The CVSS score is 4.3, indicating moderate severity, while the EPSS score of less than 1% shows low likelihood of exploitation. The vendor is not listed in CISA KEV. Exploitation requires an authenticated session with at least Subscriber role and access to the site’s AJAX endpoint; an attacker can retrieve gallery metadata by iterating over gallery identifiers, but no code execution or privilege escalation is possible.

Generated by OpenCVE AI on April 22, 2026 at 15:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Gallery by FooGallery to the latest version that includes an authorization check for ajax_get_gallery_info().
  • If an upgrade cannot be performed immediately, implement a security plugin or custom code to block or validate requests to ajax_get_gallery_info() so only higher‑privileged users can access it.
  • Review and tighten WordPress role capabilities, ensuring that Subscriber and lower roles do not have unnecessary access to gallery data; remove or limit gallery permissions as needed.

Generated by OpenCVE AI on April 22, 2026 at 15:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 12 Feb 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Fooplugins
Fooplugins gallery By Foogallery
Wordpress
Wordpress wordpress
Vendors & Products Fooplugins
Fooplugins gallery By Foogallery
Wordpress
Wordpress wordpress

Wed, 11 Feb 2026 01:45:00 +0000

Type Values Removed Values Added
Description The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_get_gallery_info() function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve metadata (name, image count, thumbnail URL) of private, draft, and password-protected galleries by enumerating gallery IDs.
Title Gallery by FooGallery <= 3.1.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Gallery Metadata Exposure
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Fooplugins Gallery By Foogallery
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:35:59.195Z

Reserved: 2026-01-14T22:20:55.626Z

Link: CVE-2025-15524

cve-icon Vulnrichment

Updated: 2026-02-11T15:37:19.406Z

cve-icon NVD

Status : Deferred

Published: 2026-02-11T02:15:58.057

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-15524

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T15:45:20Z

Weaknesses