FooGallery Plugin Vulnerable to Directory Traversal

CVE-2023-6947

7.7HIGH

Key Information

Vendor: Https://fooplugins.com
Status: Foogallery Premium
Vendor: CVE Published:; 10 December 2024

Summary

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26. This makes it possible for authenticated attackers, with contributor level or higher to read the contents of arbitrary folders on the server, which can contain sensitive information such as folder structure.

Affected Version(s)

FooGallery Premium <= 2.4.26

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Dec 10, 2024
Disclosed
Dec 9, 2024
Vulnerability Reserved.
Dec 19, 2023

Collectors

NVD DatabaseMitre Database

Credit

Colin Xu