CVE-2025-22624: 
WordPress vulnerability analysis and mitigation

FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel version 2.4.29 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. The vulnerability exists in the web application where it dynamically generates web content without validating the source of potentially untrusted data in myapp/extensions/albums/admin/class-meta boxes.php (Fluid Attacks).

The vulnerability is classified as a Reflected Cross-Site Scripting (XSS) issue, identified as CVE-2025-22624. According to the CVSS v4.0 scoring system, it has received a score of 6.4 (Medium), with the following vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H. The vulnerability is related to improper neutralization of input during web page generation (CWE-79) (NVD).

The vulnerability allows an attacker to inject malicious scripts that can be executed in the context of other users' browsers when they visit the affected pages. This could lead to unauthorized access to sensitive information, session hijacking, or other malicious activities that could compromise the security of the web application (Fluid Attacks).

At the time of disclosure, there was no official patch available for this vulnerability. Website administrators running FooGallery version 2.4.29 should monitor for updates and apply them as soon as they become available (Fluid Attacks).