virus logo Intrusion Prevention

WordPress.Plugin.FooGallery.Lightbox.XSS

description-logoDescription

This indicates the detection of a Cross-Site Scripting vulnerability in WordPress FooGallery Plugin.
The vulnerability is caused by improper sanitization of user input in the image title or caption parameters in the gallery media upload editor. A remote attacker may be able to exploit this to execute arbitrary script code.

affected-products-logoAffected Products

FooGallery plugin 1.9.24 and below.

Impact logoImpact

System Compromise : Remote attackers can execute arbitrary script code within the context of the target user's browser

recomended-action-logoRecommended Actions

Update to the version 1.9.25 or above.
https://wordpress.org/plugins/foogallery/#developers

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-08-26 15.912 Name:FG-VD-20-060_Fooplugins.
0day:WordPress.
Plugin.
FooGallery.
Lightbox.
XSS
2020-05-20 15.847 Default_action:pass:drop
2020-05-12 15.842

References

https://plugins.trac.wordpress.org/browser/foogallery/trunk/README.txt https://wordpress.org/plugins/foogallery/#developers
ID 48993
Created May 12, 2020
Updated May 04, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID
Default Action drop
Active
Affected OS Windows, Linux, BSD, Solaris, MacOS
Affected App PHP_app