Gallery by FooGallery < 3.1.10 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Gallery Metadata Exposure | CVE 2025-15524 | Plugin Vulnerabilities

Description

The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_get_gallery_info() function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve metadata (name, image count, thumbnail URL) of private, draft, and password-protected galleries by enumerating gallery IDs.

Affects Plugins

Fixed in 3.1.10

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/10735038-69dd-4b74-9374-38379832cdcb

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

s00me00ne

Verified

No

WPVDB ID

1a0b15a7-b487-4925-839b-89f9f315f08b

Timeline

Publicly Published

2026-02-10 (about 3 months ago)

Added

2026-02-10 (about 3 months ago)

Last Updated

2026-02-11 (about 3 months ago)

Other

Published

Title

Published

2025-01-16

Title

User Sync ActiveCampaign <= 1.3.2 - Missing Authorization

Published

2025-04-02

Title

Free Woocommerce Product Table View <= 1.78 - Missing Authorization to Arbitrary Content Deletion

Published

2026-04-09

Title

Tutor LMS < 3.9.8 - Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id'

Published

2024-04-30

Title

Google Typography <= 1.1.2 - Missing Authorization

Published

2025-12-10

Title

Carter for Elementor <= 1.0.2 - Missing Authorization