Stored Cross-Site Scripting in FooGallery WordPress Plugin (<=2.0.35)

Stored Cross-Site Scripting in FooGallery WordPress Plugin (<=2.0.35)

CVE-2021-24357 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being being output in the page where the gallery is embed, leading to a stored Cross-Site Scripting issue.

Learn more about our Wordpress Pen Testing.