Log out
Get PRO

Latest

Input validation vulnerability in Best WordPress Gallery Plugin – FooGallery 1.9.25

  • Severity: high-risk
  • Status: Fixed
  • Publication: May 4, 2020

The FooGallery plugin for WordPress is susceptible to a security vulnerability called Cross-Site Scripting. This vulnerability affects versions 1.9.24 and earlier of the plugin. It allows attackers, who are logged in to the website, to inject web scripts into pages that will run when those pages are accessed by other users. This occurs because the plugin does not properly sanitize the image title and caption parameters in the gallery media upload editor, or properly escape the output.

Detected in:

Best WordPress Gallery Plugin – FooGallery fixed vulnerable versions: >= * < 1.9.25
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel fixed vulnerable versions:
Responsive Photo Gallery Plugin – FooGallery fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.