Best WordPress Gallery Plugin – FooGallery, a7b60e5306ff87b47b34a38b5df1649b0ec9bedc

CVE, Research URL: a7b60e5306ff87b47b34a38b5df1649b0ec9bedc
Home page URL: Security reports for Best WordPress Gallery Plugin – FooGallery
Application: Best WordPress Gallery Plugin – FooGallery
Published on: May 04, 2020
Research Description: Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel [foogallery] < 1.9.25 FooGallery <= 1.9.24 - Authenticated Cross-Site Scripting The FooGallery plugin for WordPress is vulnerable to Cross-Site Scripting via the image title and caption parameters in the gallery media upload editor in versions up to, and including, 1.9.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.9.25.
Status: vulnerable