FooGallery WordPress Plugin Insecure Direct Object Reference Vulnerability Allowing Arbitrary Post Updates

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability has been identified in the FooGallery WordPress plugin, affecting all versions through 2.4.29. The issue arises in the foogallery_attachment_modal_save AJAX action, which does not validate the user-controlled img_id key before acting on it. Authenticated attackers with the appropriate access level can therefore modify the content of arbitrary posts and pages. For this vulnerability to have a significant impact, the Gallery Creator Role setting must be set below 'Editor'.
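To illustrate the class of defect described above, here is an added example (not FooGallery's own code) of a WordPress AJAX handler that takes a user-controlled attachment ID, shown first with the missing validation and then with a hardened version. The function and nonce names (example_*) are hypothetical; only the WordPress API calls are real.

```php
<?php
// Added illustration, not FooGallery's code: an attachment-edit AJAX handler
// keyed on a user-controlled post ID. All example_* names are hypothetical.

// Vulnerable pattern: img_id is trusted as-is, so whatever post ID the caller
// submits gets updated, not just an image attachment the user may edit.
function example_attachment_save_vulnerable() {
    $img_id = intval( $_POST['img_id'] ?? 0 );
    wp_update_post( array(
        'ID'           => $img_id,
        'post_excerpt' => wp_unslash( $_POST['caption'] ?? '' ),
    ) );
    wp_send_json_success();
}

// Hardened pattern: nonce check, a post-type check so the key can only name an
// attachment, and a capability check bound to that specific object.
function example_attachment_save_hardened() {
    check_ajax_referer( 'example_attachment_save', 'nonce' );

    $img_id = absint( $_POST['img_id'] ?? 0 );
    if ( ! $img_id || get_post_type( $img_id ) !== 'attachment' ) {
        wp_send_json_error( 'Not an attachment.', 400 );
    }
    // 'edit_post' is a meta capability evaluated against this object, so a user
    // who may edit their own uploads still cannot touch other posts or pages.
    if ( ! current_user_can( 'edit_post', $img_id ) ) {
        wp_send_json_error( 'Forbidden.', 403 );
    }

    wp_update_post( array(
        'ID'           => $img_id,
        'post_excerpt' => sanitize_textarea_field( wp_unslash( $_POST['caption'] ?? '' ) ),
    ) );
    wp_send_json_success();
}

add_action( 'wp_ajax_example_attachment_save', 'example_attachment_save_hardened' );
```

The object-bound capability check is the part that closes the IDOR: a nonce alone proves the request came from a logged-in session, not that the session may edit the object named by img_id.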

Impact

Exploitation of this vulnerability allows authenticated users with the appropriate role to update any post or page, potentially leading to unauthorized content changes or the insertion of malicious content.

Remediation

Users are advised to update the FooGallery plugin to version 2.4.30 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.