FooGallery < 2.4.15 – Author+ Stored XSS | CVE 2024-2762 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin

Proof of Concept

Create a new Gallery (with at least one image) and put the below payload in the Gallery Settings > Advanced >  Custom Attributes settings

123="" onpointerenter="alert(/XSS/)"

The XSS will be triggered in page/post where the gallery is embed and the mouse is moved over the image from the gallery

Affects Plugins

Fixed in 2.4.15

foogallery-premium

Fixed in 2.4.15

References

CVE

URL

https://research.cleantalk.org/cve-2024-2762/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

92e0f5ca-0184-4e9c-b01a-7656e05dce69

Timeline

Publicly Published

2024-05-23 (about 1 months ago)

Added

2024-05-23 (about 1 months ago)

Last Updated

2024-06-06 (about 20 days ago)

Other

Published

Title

Published

2022-01-06

Title

Ultimate Reviews < 3.0.16 - Admin+ Stored Cross-Site Scripting

Published

2023-11-10

Title

Sponsors <= 3.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Published

2022-09-26

Title

Social Media Follow Buttons Bar <= 4.73 - Admin+ Stored XSS

Published

2023-02-14

Title

Client Logo Carousel <= 3.0.0 - Contributor+ Stored XSS

Published

2023-03-28

Title

Custom Post Type and Taxonomy GUI Manager <= 1.1 - Stored XSS via CSRF