WordPress Plugin Vulnerabilities

FooGallery < 1.9.25 - Authenticated Cross-Site Scripting (XSS)

Description

The FooGallery WordPress plugin was found to be vulnerable to Authenticated Cross-Site Scripting (XSS).

"The vulnerability is caused by improper sanitization of user input in the image title or caption parameters in the gallery media upload editor. Thereby it can lead to an XSS in the default lightbox feature."

Affects Plugins

Plugin icon
foogallery
Fixed in 1.9.25

References

URL
https://fortiguard.com/zeroday/FG-VD-20-060

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
VishnuPriya Ilango of Fortinet's FortiGuard Labs
Verified
No
WPVDB ID
297228e3-729b-487c-8cf5-2fc7548ea840

Timeline

Publicly Published
2020-08-26 (about 5 years ago)
Added
2020-08-26 (about 5 years ago)
Last Updated
2020-08-27 (about 5 years ago)

Other

Published
Title
Published
2025-12-31
Title
Add Featured Image Custom Link <= 2.0.0 - Authenticated (Author+) Stored Cross-Site Scripting
Published
2026-02-24
Title
Rise Blocks – A Complete Gutenberg Page Builder <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Identity Block Attributes
Published
2024-03-28
Title
Slider by Supsystic < 1.8.11 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2023-08-29
Title
Arya Multipurpose Pro <= 1.0.8 - Reflected XSS
Published
2025-06-05
Title
The Events Calendar Countdown Addon < 1.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting