CVE-2025-15524: CWE-862 Missing Authorization in fooplugins Gallery by FooGallery
The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_get_gallery_info() function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve metadata (name, image count, thumbnail URL) of private, draft, and password-protected galleries by enumerating gallery IDs.
AI Analysis
Technical Summary
CVE-2025-15524 affects the Gallery by FooGallery plugin for WordPress in all versions up to and including 3.1.9. The root cause is a missing capability check in ajax_get_gallery_info(), the function that serves gallery metadata to AJAX requests. A WordPress AJAX handler registered on the wp_ajax_{action} hook is reachable through wp-admin/admin-ajax.php by every logged-in user regardless of role, so unless the handler itself calls current_user_can() against the requested object, the lowest role on the site (Subscriber) can invoke it. A nonce check is not a substitute: a nonce proves that the request originated from a page the site rendered for that user, not that the user is allowed to see the gallery. As a result, any authenticated user with Subscriber-level privileges or above can iterate over gallery IDs and retrieve, for galleries that are private, in draft status, or password-protected, the gallery name, the number of images it contains, and the thumbnail URL. The plugin therefore fails to enforce least privilege on gallery data. The vulnerability is exploitable over the network with no user interaction beyond the attacker's own login. The CVSS v3.1 base score is 4.3, which corresponds to low privileges required, low confidentiality impact and no integrity or availability impact (vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). No patches or fixes are currently linked, and no active exploitation has been reported. The weakness is classified as CWE-862 (Missing Authorization).
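To make the distinction concrete, the following added example (written for this page, not FooGallery's code) shows the vulnerable shape of such an admin-ajax handler next to a hardened one. The action names, the 'foogallery' post type, the 'gallery_id' request parameter and the way image counts are derived are assumptions for illustration; only the three leaked fields come from the advisory.

```php
<?php
// Added example for this page, not FooGallery's code: the CWE-862 shape of an
// admin-ajax handler next to a hardened one. The action names, the
// 'foogallery' post type, the 'gallery_id' parameter and the metadata builder
// are illustrative assumptions.

// ---- Vulnerable shape ------------------------------------------------------
// wp_ajax_{action} fires for every logged-in user, so the handler itself must
// authorize; nothing else on this path does.
add_action( 'wp_ajax_foogallery_get_gallery_info', 'vuln_ajax_get_gallery_info' );

function vuln_ajax_get_gallery_info() {
    $gallery_id = isset( $_POST['gallery_id'] ) ? absint( $_POST['gallery_id'] ) : 0;
    $post       = get_post( $gallery_id );
    if ( ! $post ) {
        wp_send_json_error( 'not found', 404 );
    }
    // No current_user_can() call: private, draft and password-protected
    // galleries are returned exactly like public ones, and the 404 above
    // lets a Subscriber map which IDs exist.
    wp_send_json_success( build_gallery_info( $post ) );
}

// ---- Hardened shape --------------------------------------------------------
add_action( 'wp_ajax_foogallery_get_gallery_info_safe', 'safe_ajax_get_gallery_info' );

function safe_ajax_get_gallery_info() {
    // CSRF protection. A nonce proves the request came from a page rendered
    // for this user; it says nothing about what the user may read.
    check_ajax_referer( 'foogallery_gallery_info', 'nonce' );

    $gallery_id = isset( $_POST['gallery_id'] ) ? absint( $_POST['gallery_id'] ) : 0;
    $post       = get_post( $gallery_id );

    // Authorization against the specific object (the CWE-862 fix):
    //  - 'read_post' maps to read_private_posts for private posts and to
    //    edit_post for drafts, so a Subscriber fails for anything unpublished;
    //  - 'read_post' passes for published-but-password-protected posts, so
    //    the password cookie (or an edit capability) is checked separately;
    //  - restricting the post type keeps this from becoming a generic post oracle.
    $allowed = $post
        && 'foogallery' === $post->post_type
        && current_user_can( 'read_post', $post->ID )
        && ( ! post_password_required( $post ) || current_user_can( 'edit_post', $post->ID ) );

    // One identical response for "missing" and "forbidden", so the endpoint
    // does not confirm which gallery IDs exist to callers who may not see them.
    if ( ! $allowed ) {
        wp_send_json_error( 'not found', 404 );
    }

    wp_send_json_success( build_gallery_info( $post ) );
}

// The three fields named in the advisory. How the real plugin stores images
// is not shown on the page; attached media is used here as an assumption.
function build_gallery_info( WP_Post $post ) {
    $thumb_id = get_post_thumbnail_id( $post );
    return array(
        'id'          => $post->ID,
        'name'        => $post->post_title,
        'image_count' => count( get_attached_media( 'image', $post->ID ) ),
        'thumbnail'   => $thumb_id ? wp_get_attachment_image_url( $thumb_id, 'thumbnail' ) : '',
    );
}
```

The client side would obtain the nonce from wp_create_nonce( 'foogallery_gallery_info' ) and send it as the nonce field. The line that actually closes the CVE class is the current_user_can( 'read_post', ... ) check; the nonce only stops cross-site request forgery, and the single 404 response is what stops the handler from doubling as an ID-existence oracle.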
Potential Impact
This vulnerability primarily affects confidentiality: metadata of private, draft and password-protected galleries is exposed to any authenticated user, including the Subscriber role that WordPress assigns by default to self-registered accounts. The response does not include the gallery's images themselves, but one caveat applies: the thumbnail URL points at a media file, and WordPress serves files under wp-content/uploads without any access control by default, so in the common configuration the leaked URL fetches the thumbnail image directly regardless of the gallery's post status. Gallery names and image counts can also reveal project details, client names or private events, and the endpoint doubles as an oracle that confirms which gallery IDs exist. Attackers can use this for reconnaissance and social engineering or to select targets for follow-on attacks. Because only Subscriber-level access is required, the bar is low for insiders, self-registered accounts and compromised low-privilege credentials. With no integrity or availability impact the scope is limited to information disclosure, which can still carry privacy and reputational consequences. Sites running the plugin, especially those hosting confidential galleries, remain exposed until a fix or a mitigation is in place.
Mitigation Recommendations
Organizations should first confirm whether the Gallery by FooGallery plugin is installed and which version is running; any version up to and including 3.1.9 is affected. Since no official patch links are provided, administrators should consider the following mitigations:
1) Put a capability check in front of the plugin's AJAX endpoint, either in code (a must-use plugin that rejects the request unless the user holds an editing capability) or with a web application firewall rule. Note that a WAF rule keys on the action parameter of wp-admin/admin-ajax.php, not on the PHP function name ajax_get_gallery_info(), so identify the action string from the plugin source, and do not block admin-ajax.php wholesale, since WordPress core and other plugins depend on it.
2) Temporarily deactivate the FooGallery plugin if the galleries contain sensitive information and no fix is available.
3) Monitor for enumeration: many admin-ajax.php requests from one authenticated session cycling through sequential gallery IDs. Because the action and gallery ID normally travel in the POST body, the web-server access log shows only "POST /wp-admin/admin-ajax.php"; application-level logging is needed to see which action and ID were requested.
4) Limit who can hold a Subscriber or higher account: disable open registration (Settings → General → "Anyone can register") unless it is needed, and review existing low-privilege accounts, for example with `wp user list --role=subscriber`.
5) Watch for an official update from the vendor and apply it as soon as it is released; a version newer than 3.1.9 is what to look for.
6) Consider isolating sensitive galleries or migrating to an alternative gallery plugin with object-level authorization.
7) Audit installed plugins for the same defect proactively: every wp_ajax_ handler should contain a current_user_can() check appropriate to the data it returns, not only a nonce check.
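One way to implement items 1) and 3) without waiting for a vendor release is a must-use plugin that gates the AJAX action on a capability and records enumeration attempts. The code below is an added example for this page, not FooGallery's or Wordfence's code; the action name 'foogallery_get_gallery_info', the 'gallery_id' request parameter, the gating capability and the alert thresholds are assumptions that must be confirmed against the plugin source before deployment.

```php
<?php
/**
 * Plugin Name: Virtual patch for CVE-2025-15524 (added example, not vendor code)
 * Description: Gates the vulnerable admin-ajax action on a capability and logs
 *              gallery-ID enumeration. Place in wp-content/mu-plugins/.
 *
 * Assumptions to confirm against the plugin source before use: the action
 * string that dispatches to ajax_get_gallery_info() is the one defined below,
 * and the gallery ID travels in the 'gallery_id' request parameter.
 */

define( 'VP15524_ACTION',  'foogallery_get_gallery_info' ); // assumed action name
define( 'VP15524_CAP',     'edit_posts' ); // lowest capability allowed through
define( 'VP15524_MAX_IDS', 20 );           // distinct IDs per user before alerting
define( 'VP15524_WINDOW',  300 );          // seconds

// admin-ajax.php runs admin_init before it fires wp_ajax_{action}, so a check
// here executes before the plugin's own handler and can stop it outright.
add_action( 'admin_init', 'vp15524_guard', 1 );

function vp15524_guard() {
    if ( ! wp_doing_ajax() || ! isset( $_REQUEST['action'] ) ) {
        return;
    }
    $action = sanitize_text_field( wp_unslash( $_REQUEST['action'] ) );
    if ( VP15524_ACTION !== $action ) {
        return;
    }

    $user_id    = get_current_user_id();
    $gallery_id = isset( $_REQUEST['gallery_id'] ) ? absint( $_REQUEST['gallery_id'] ) : 0;

    // Mitigation 3: a typical POST leaves only "POST /wp-admin/admin-ajax.php"
    // in the access log because the action and ID travel in the body, so the
    // enumeration signal has to be produced here. Count distinct IDs per user
    // inside a rolling window and emit an error_log line past the threshold.
    if ( vp15524_record_probe( $user_id, $gallery_id ) > VP15524_MAX_IDS ) {
        error_log( sprintf(
            'CVE-2025-15524 enumeration: user %d from %s exceeded %d distinct gallery IDs in %ds',
            $user_id, $_SERVER['REMOTE_ADDR'] ?? 'unknown', VP15524_MAX_IDS, VP15524_WINDOW
        ) );
    }

    // Mitigation 1: a role-level gate. Subscribers (the role the advisory
    // names) lack edit_posts; the vendor's proper fix should additionally
    // check read_post / post_password_required() on the specific gallery.
    if ( current_user_can( VP15524_CAP ) ) {
        return; // hand the request on to the plugin's handler
    }
    // A body that does not distinguish "denied" from "missing", so the gate
    // does not itself act as an ID-existence oracle. wp_send_json_error() exits.
    wp_send_json_error( array( 'message' => 'Gallery not found' ), 404 );
}

// Returns the number of distinct gallery IDs this user has requested in the
// current window; state lives in a transient so it survives across requests.
function vp15524_record_probe( $user_id, $gallery_id ) {
    $key  = 'vp15524_probe_' . $user_id;
    $seen = get_transient( $key );
    $seen = is_array( $seen ) ? $seen : array();
    if ( count( $seen ) < 1000 ) { // bound the stored set
        $seen[ $gallery_id ] = true;
    }
    set_transient( $key, $seen, VP15524_WINDOW );
    return count( $seen );
}
```

The gate is deliberately coarse: if the endpoint turns out to serve a legitimate front-end feature for low-privilege users, lower VP15524_CAP or replace the role check with the per-gallery read_post check, but keep the identical 404 for denied and missing IDs. The error_log lines are what mitigation 3 then watches for, and the transient-backed counter works on any host without extra infrastructure; sites with an object cache get it for free.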
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Netherlands, India, Brazil, Japan
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2026-01-14T22:20:55.626Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 698bdf6c4b57a58fa14457fe
Added to database: 2/11/2026, 1:46:20 AM
Last enriched: 2/27/2026, 12:03:20 PM
Last updated: 4/5/2026, 12:29:07 AM