FooPlugins — Vulnerabilities & Security Advisories (17)

Browse all 17 CVE security advisories affecting FooPlugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

FooPlugins develops WordPress security and optimization plugins, with 17 CVEs recorded to date. Historically, vulnerabilities have commonly included remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and access control flaws. Security researchers have identified multiple instances where improper sanitization allowed attackers to execute arbitrary code or manipulate plugin functionality. While no major public breaches have been widely documented, the consistent pattern of vulnerabilities in their products highlights ongoing challenges in secure coding practices. Users are advised to maintain current versions and implement additional security layers to mitigate potential risks.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-25363 | WordPress FooGallery plugin <= 3.1.11 - Broken Access Control vulnerability | FooGallery | CWE-862 | 4.3 | Medium | 2026-02-19 |
| CVE-2026-25362 | WordPress FooGallery plugin <= 3.1.11 - Cross Site Scripting (XSS) vulnerability | FooGallery | CWE-79 | 5.9 | Medium | 2026-02-19 |
| CVE-2025-15524 | Gallery by FooGallery <= 3.1.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Gallery Metadata Exposure | Gallery by FooGallery | CWE-862 | 4.3 | Medium | 2026-02-11 |
| CVE-2025-6068 | FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | Gallery by FooGallery | CWE-79 | 6.4 | Medium | 2025-07-11 |
| CVE-2025-5537 | Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.34 - Authenticated (Author+) Stored Cross-Site Scripting | Lightbox & Modal Popup WordPress Plugin – FooBox | CWE-79 | 6.4 | Medium | 2025-07-08 |
| CVE-2025-32139 | WordPress Lightbox & Modal Popup WordPress Plugin – FooBox plugin <= 2.7.33 - Cross Site Scripting (XSS) vulnerability | FooBox Image Lightbox | CWE-79 | 5.9 | Medium | 2025-04-10 |
| CVE-2024-12119 | FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Authenticated (Custom+) Stored Cross-Site Scripting via Album Title Size | Gallery by FooGallery | CWE-79 | 6.4 | Medium | 2025-03-08 |
| CVE-2024-12114 | FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates | Gallery by FooGallery | CWE-639 | 4.3 | Medium | 2025-03-08 |
| CVE-2024-5668 | Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.28 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes | Lightbox & Modal Popup WordPress Plugin – FooBox | CWE-79 | 6.4 | Medium | 2024-08-08 |
| CVE-2024-2122 | FooGallery <= 2.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Custom URL | Gallery by FooGallery | CWE-79 | 6.4 | Medium | 2024-06-14 |
| CVE-2024-2081 | FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting | Gallery by FooGallery | CWE-79 | 6.4 | Medium | 2024-04-09 |
| CVE-2024-2471 | FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attachment Fields | Gallery by FooGallery | CWE-79 | 6.4 | Medium | 2024-04-06 |
| CVE-2024-0604 | Best WordPress Gallery Plugin – FooGallery <= 2.4.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings | Gallery by FooGallery | CWE-79 | 4.4 | Medium | 2024-02-20 |
| CVE-2023-44233 | WordPress FooGallery Plugin <= 2.2.44 is vulnerable to Cross Site Request Forgery (CSRF) | Best WordPress Gallery Plugin – FooGallery | CWE-352 | 5.4 | Medium | 2023-10-06 |
| CVE-2023-44244 | WordPress FooGallery Plugin <= 2.2.44 is vulnerable to Cross Site Scripting (XSS) | FooGallery | CWE-79 | 7.1 | High | 2023-10-02 |
| CVE-2023-29439 | WordPress FooGallery Plugin <= 2.2.35 is vulnerable to Cross Site Scripting (XSS) | FooGallery | CWE-79 | 7.1 | High | 2023-05-16 |
| CVE-2021-24357 | FooGallery < 2.0.35 - Authenticated Stored Cross-Site Scripting | Best Image Gallery & Responsive Photo Gallery – FooGallery | CWE-79 | 5.4 | - | 2021-06-14 |

This page lists every published CVE security advisory associated with FooPlugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.