WordPress Plugin Vulnerabilities

Best WordPress Gallery Plugin – FooGallery < 2.4.9 -Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Affects Plugins

Plugin icon
foogallery
Fixed in 2.4.9

References

CVE
CVE-2024-0604
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/d17d9610-d0fd-419d-a7ea-e9c313f1c542

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Akbar Kustirama
Verified
No
WPVDB ID
4ee13792-c913-4890-9c68-8f0039e08b3c

Timeline

Publicly Published
2024-02-14 (about 3 months ago)
Added
2024-02-15 (about 2 months ago)
Last Updated
2024-02-15 (about 2 months ago)

Other

Published
Title
Published
2023-03-08
Title
Popup box < 3.4.5 - Reflected XSS
Published
2022-01-25
Title
AP Custom Testimonial < 1.4.8 - Reflected Cross-Site Scripting
Published
2014-08-01
Title
Xorbin Analog Flash Clock 1.0 - Flash-based XSS
Published
2021-10-04
Title
Events Made Easy < 2.2.24 - Admin+ Stored Cross-Site Scripting
Published
2017-11-14
Title
Affiliate Ads for Clickbank Products <= 1.6 - Stored Cross-Site Scripting (XSS)