CVE-2025-15524
Awaiting Analysis Awaiting Analysis - Queue
Unauthorized Data Access in FooGallery WordPress Plugin via Missing Capability Check

Publication date: 2026-02-11

Last updated on: 2026-02-11

Assigner: Wordfence

Description
The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_get_gallery_info() function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve metadata (name, image count, thumbnail URL) of private, draft, and password-protected galleries by enumerating gallery IDs.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-11
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-14
NVD
CVE-2025-15524
EUVD
EUVD-2025-206936
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
foogallery foogallery to 3.1.9 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The Gallery by FooGallery plugin for WordPress has a vulnerability due to a missing capability check in the ajax_get_gallery_info() function in all versions up to and including 3.1.9.

This flaw allows authenticated attackers with Subscriber-level access or higher to retrieve metadata such as the name, image count, and thumbnail URL of private, draft, and password-protected galleries by enumerating gallery IDs.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive gallery metadata that is intended to be private or restricted.

Attackers with low-level authenticated access can enumerate gallery IDs to access information about private, draft, or password-protected galleries, potentially exposing confidential or sensitive content details.

While the vulnerability does not allow modification or deletion of data, the exposure of metadata could aid attackers in further reconnaissance or targeted attacks.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to access the ajax_get_gallery_info() AJAX endpoint of the FooGallery plugin with an authenticated user account having Subscriber-level access or higher.'}, {'type': 'paragraph', 'content': 'You can test for unauthorized access by enumerating gallery IDs and checking if metadata (name, image count, thumbnail URL) of private, draft, or password-protected galleries is returned without proper capability checks.'}, {'type': 'paragraph', 'content': 'A possible command using curl to test this (replace URL, nonce, and gallery ID accordingly) is:'}, {'type': 'list_item', 'content': "curl -X POST -b 'wordpress_logged_in=your_auth_cookie' -d 'action=foogallery_ajax_get_gallery_info&gallery_id=GALLERY_ID&_ajax_nonce=NONCE_VALUE' https://yourwordpresssite.com/wp-admin/admin-ajax.php"}, {'type': 'paragraph', 'content': 'If the response returns gallery metadata for galleries that should be private or restricted, the vulnerability is present.'}] [2]

Mitigation Strategies

Immediate mitigation steps include updating the FooGallery plugin to a version later than 3.1.9 where this vulnerability is fixed.

If an update is not immediately possible, restrict access to the ajax_get_gallery_info() AJAX endpoint by limiting access to trusted users only or by implementing additional server-side access controls.

Additionally, review and tighten user roles and permissions to ensure that only trusted users have Subscriber-level or higher access.

Monitoring and logging AJAX requests to detect unusual enumeration attempts can also help in early detection and response.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15524. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart