FooGallery

Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates vulnerability <= 2.4.29

Authenticated (Custom+) Stored CrossSite Scripting via Album Title Size vulnerability <= 2.4.29

Reflected CrossSite Scripting vulnerability <= 2.4.29

Authenticated (Contributor+) Stored CrossSite Scripting via Gallery Custom URL vulnerability <= 2.4.15

Authenticated (Author+) Stored CrossSite Scripting via Image Attachment Fields vulnerability <= 2.4.14