CVE-2025-22624 MEDIUM

CVE-2025-22624: FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 - Reflected cross-site scripting (XSS)

Vendor: Bradvin
Product: FooGallery - Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
Weakness: CWE-79 · XSS
Published: February 27, 2025
Last update: July 10, 2025

CVSS base score

5.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01 Description

FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 was found to be vulnerable to reflected cross-site scripting (XSS). The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/extensions/albums/admin/class-meta boxes.php.

Key dates

02 Disclosure timeline

February 27, 2025: CVE published
July 10, 2025: Record updated