The vulnerability identified as CVE-2025-15524 affects the Gallery by FooGallery plugin for WordPress, specifically versions up to and including 3.1.9. The root cause is a missing capability check in the ajax_get_gallery_info() function, which is responsible for retrieving gallery metadata via AJAX requests. This flaw allows any authenticated user with at least Subscriber-level privileges to bypass intended access controls and enumerate gallery IDs to retrieve sensitive metadata about galleries that are private, in draft status, or protected by passwords. The metadata exposed includes the gallery's name, the number of images contained, and the thumbnail URL, which could reveal sensitive organizational content or internal project information. The vulnerability does not permit modification or deletion of gallery content, nor does it expose actual image files directly, but the leakage of metadata can facilitate further targeted attacks or information gathering. Exploitation requires authentication but no additional user interaction, and the attack can be performed remotely over the network. The CVSS v3.1 base score is 4.3, reflecting a medium severity primarily due to the confidentiality impact and low complexity of exploitation. No patches or official fixes are currently linked, and no known exploits have been reported in the wild as of the publication date. The vulnerability is classified under CWE-862 (Missing Authorization).

For European organizations, this vulnerability poses a risk of unauthorized disclosure of sensitive gallery metadata, which may include internal project images or confidential visual assets. While it does not allow direct access to image files or modification of content, the leaked metadata can aid attackers in reconnaissance, potentially leading to more targeted phishing or social engineering campaigns. Organizations in sectors such as media, marketing, creative industries, and any entities relying on WordPress sites with FooGallery for private content management are particularly at risk. The exposure of draft or password-protected gallery information could undermine privacy policies or regulatory compliance, especially under GDPR, if personal or sensitive data is indirectly revealed. The ease of exploitation by low-privilege authenticated users increases the threat surface, as even compromised or low-level user accounts can be leveraged. Although the vulnerability does not cause service disruption, the confidentiality breach could damage organizational reputation and trust.

European organizations should immediately audit their WordPress installations to identify the presence of the Gallery by FooGallery plugin, especially versions up to 3.1.9. Since no official patches are currently linked, administrators should consider the following mitigations: restrict Subscriber-level user registrations or access where possible; implement strict user role management and monitoring to detect unusual access patterns; disable or limit AJAX endpoints related to gallery metadata retrieval via web application firewalls or custom code; employ network-level access controls to limit access to authenticated users with trusted roles; and monitor logs for suspicious enumeration attempts of gallery IDs. Additionally, organizations should contact the plugin vendor for updates or patches and plan for prompt application once available. Regular backups and security audits of WordPress plugins and themes should be enforced to reduce exposure to similar vulnerabilities.