{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15524", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-01-14T22:20:55.626Z", "datePublished": "2026-02-11T01:23:33.617Z", "dateUpdated": "2026-04-08T16:35:59.195Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:35:59.195Z"}, "affected": [{"vendor": "fooplugins", "product": "Gallery by FooGallery", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.1.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_get_gallery_info() function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve metadata (name, image count, thumbnail URL) of private, draft, and password-protected galleries by enumerating gallery IDs."}], "title": "Gallery by FooGallery <= 3.1.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Gallery Metadata Exposure", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10735038-69dd-4b74-9374-38379832cdcb?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/foogallery/tags/3.1.6/includes/admin/class-gallery-editor.php#L300"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Mariusz Maik"}], "timeline": [{"time": "2025-12-31T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2026-01-14T22:36:30.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-02-10T12:28:05.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-11T15:37:18.726281Z", "id": "CVE-2025-15524", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-11T15:45:42.877Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15524", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-11T15:37:18.726281Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-11T15:37:19.406Z"}}], "cna": {"title": "Gallery by FooGallery <= 3.1.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Gallery Metadata Exposure", "credits": [{"lang": "en", "type": "finder", "value": "Mariusz Maik"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "fooplugins", "product": "Gallery by FooGallery", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.1.9"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-31T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2026-01-14T22:36:30.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-02-10T12:28:05.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10735038-69dd-4b74-9374-38379832cdcb?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/foogallery/tags/3.1.6/includes/admin/class-gallery-editor.php#L300"}], "descriptions": [{"lang": "en", "value": "The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_get_gallery_info() function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve metadata (name, image count, thumbnail URL) of private, draft, and password-protected galleries by enumerating gallery IDs."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:35:59.195Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15524", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:35:59.195Z", "dateReserved": "2026-01-14T22:20:55.626Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-11T01:23:33.617Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_get_gallery_info() function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve metadata (name, image count, thumbnail URL) of private, draft, and password-protected galleries by enumerating gallery IDs."}, {"lang": "es", "value": "El plugin Gallery por FooGallery para WordPress es vulnerable al acceso no autorizado a datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n ajax_get_gallery_info() en todas las versiones hasta la 3.1.9, inclusive. Esto permite a atacantes autenticados, con acceso de nivel Suscriptor y superior, recuperar metadatos (nombre, recuento de im\u00e1genes, URL de la miniatura) de galer\u00edas privadas, en borrador y protegidas con contrase\u00f1a mediante la enumeraci\u00f3n de IDs de galer\u00eda."}], "id": "CVE-2025-15524", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-11T02:15:58.057", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/foogallery/tags/3.1.6/includes/admin/class-gallery-editor.php#L300"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10735038-69dd-4b74-9374-38379832cdcb?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.1.9]"}}], "product": "gallery_by_foogallery", "vendor": "fooplugins"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-22T15:31:02.661502+00:00", "value": {"mitigation_remediation": ["Upgrade Gallery by FooGallery to the latest version that includes an authorization check for ajax_get_gallery_info().", "If an upgrade cannot be performed immediately, implement a security plugin or custom code to block or validate requests to ajax_get_gallery_info() so only higher\u2011privileged users can access it.", "Review and tighten WordPress role capabilities, ensuring that Subscriber and lower roles do not have unnecessary access to gallery data; remove or limit gallery permissions as needed."], "summary": {"action": "Update", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Fooplugins off the Gallery by FooGallery plugin, all released versions up to and including 3.1.9 are affected. Any WordPress installation using these versions can potentially expose private gallery metadata to authenticated users.", "description_and_impact": "The Gallery by FooGallery plugin for WordPress contains a missing capability check in its ajax_get_gallery_info() function, allowing subscribers and higher-privileged users to request metadata for private, draft, or password\u2011protected galleries. An attacker who can log in with a Subscriber account can enumerate gallery IDs and retrieve names, image counts, and thumbnail URLs, exposing sensitive details about unsanctioned content. The weakness aligns with CWE\u2011862, highlighting insufficient authorization checks for data access.", "risk_and_exploitability": "The CVSS score is 4.3, indicating moderate severity, while the EPSS score of less than 1% shows low likelihood of exploitation. The vendor is not listed in CISA KEV. Exploitation requires an authenticated session with at least Subscriber role and access to the site\u2019s AJAX endpoint; an attacker can retrieve gallery metadata by iterating over gallery identifiers, but no code execution or privilege escalation is possible."}}}}, "created": "2026-02-11T21:46:16.736806+00:00", "updated": "2026-04-22T15:45:20.866411+00:00", "vendors": ["fooplugins", "fooplugins$PRODUCT$gallery_by_foogallery", "wordpress", "wordpress$PRODUCT$wordpress"]}