CVE-2023-6947 – Best WordPress Gallery Plugin – FooGallery <= 2.4.16 - Authenticated (Contributor+) Directory Traversal
https://notcve.org/view.php?id=CVE-2023-6947
09 Dec 2024 — The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26. This makes it possible for authenticated attackers with contributor-level access or higher to read the contents of arbitrary folders on the server, which can contain sensitive information such as folder structure. • https://github.com/fooplugins/foogallery/pull/263/commits/9989f6f4f4d478ec04cb634d09b18c87a5b31c4d • CWE-25: Path Traversal: '/../filedir'
CVE-2024-2762 – FooGallery < 2.4.15 - Author+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-2762
23 May 2024 — The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admin. • https://wpscan.com/vulnerability/92e0f5ca-0184-4e9c-b01a-7656e05dce69 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')