Gallery by FooGallery Missing Authorization Vulnerability Allowing Unauthorized Gallery Metadata Access

Vulnerability

A vulnerability exists in the Gallery by FooGallery plugin for WordPress, in all versions through 3.1.9. The issue arises from a lack of proper capability checks in the ajax_get_gallery_info() function. This flaw enables authenticated attackers with Subscriber-level access and above to access metadata from private, draft, and password-protected galleries by simply enumerating gallery IDs. The exposed metadata includes the gallery name, image count, and thumbnail URL.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive gallery metadata, including names, image counts, and thumbnail URLs, from private, draft, and password-protected galleries.

Remediation

Users are advised to update the Gallery by FooGallery plugin to version 3.1.10 or a newer patched version.
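For sites or plugins exposing a similar AJAX endpoint, the missing check described under Vulnerability can be written as the object-level authorization below. This is an added example, not FooGallery's code or its 3.1.10 patch; the action and nonce name, post type and meta key are hypothetical placeholders.

```php
<?php
// Added example: a hypothetical AJAX handler, not FooGallery's code or patch.
// Assumed names: action/nonce 'example_gallery_info', post type
// 'example_gallery', meta key '_example_attachment_ids'.
add_action( 'wp_ajax_example_gallery_info', 'example_ajax_get_gallery_info' );

// One generic denial for "missing" and "forbidden", so responses cannot be
// used to tell which gallery IDs exist.
function example_deny() {
	wp_send_json_error( array( 'message' => 'Gallery not available.' ), 404 );
}

function example_ajax_get_gallery_info() {
	// Reject requests that lack a valid nonce (dies with 403 on failure).
	check_ajax_referer( 'example_gallery_info', 'nonce' );

	$gallery_id = isset( $_POST['gallery_id'] ) ? absint( $_POST['gallery_id'] ) : 0;
	$gallery    = $gallery_id ? get_post( $gallery_id ) : null;
	if ( ! $gallery || 'example_gallery' !== $gallery->post_type ) {
		example_deny();
	}

	// Object-level check: being logged in is not enough. The 'read_post'
	// meta capability maps to read_private_posts for private galleries and
	// to edit_post for drafts, so a Subscriber who is not the author fails both.
	if ( ! current_user_can( 'read_post', $gallery_id ) ) {
		example_deny();
	}

	// Capabilities do not cover post passwords; check that separately and
	// let only users who can edit the gallery bypass it.
	if ( post_password_required( $gallery ) && ! current_user_can( 'edit_post', $gallery_id ) ) {
		example_deny();
	}

	// Only now assemble the three fields the advisory lists as exposed.
	$ids = array_filter( array_map( 'absint', (array) get_post_meta( $gallery_id, '_example_attachment_ids', true ) ) );
	$ids = array_values( $ids );
	wp_send_json_success( array(
		'name'      => $gallery->post_title,
		'count'     => count( $ids ),
		'thumbnail' => $ids ? wp_get_attachment_image_url( $ids[0], 'thumbnail' ) : '',
	) );
}
```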

Added: Feb 11, 2026, 2:37 AM
Updated: Feb 11, 2026, 2:37 AM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 0.6
exploitability: 6.1
remediation: 7.7
relevance: 2.7
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.