First published: Mon Jun 14 2021
In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being output in the page where the gallery is embedded, leading to a stored Cross-Site Scripting issue.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fooplugins Foogallery | <2.0.35 | |
CVE-2021-24357 is a vulnerability in the Best Image Gallery & Responsive Photo Gallery - FooGallery WordPress plugin before version 2.0.35 that allows for a stored Cross-Site Scripting (XSS) issue due to improper sanitization or validation of the Custom CSS field in each gallery.
WordPress websites using the FooGallery plugin before version 2.0.35 are affected by CVE-2021-24357, which can lead to a stored Cross-Site Scripting (XSS) vulnerability.
CVE-2021-24357 has a severity rating of medium with a CVSS score of 5.4.
To fix CVE-2021-24357, it is recommended to update the FooGallery WordPress plugin to version 2.0.35 or above, which includes the proper sanitization and validation of the Custom CSS field.
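One way to sanitise and validate a CSS field of this kind, as an added example that is not FooGallery's code and not part of the advisory: reject markup when the value is saved, and strip tags again when it is written into a `<style>` element. The function names and sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper names, not FooGallery's own code.

/** Save-time check: returns an error message, or null if the CSS is acceptable. */
function validate_custom_css(string $css): ?string
{
    // "<" or "</" followed by a letter opens an HTML tag (for example a closing
    // style tag). Valid CSS never needs that; "(width < 600px)" still passes.
    if (preg_match('#</?[a-z]#i', $css) === 1) {
        return 'Markup is not allowed in CSS.';
    }
    return null;
}

/** Output-time filter for a value that is echoed inside a <style> element. */
function render_custom_css(string $css): string
{
    // Values stored before validation existed may still hold markup, so
    // strip tags again here. htmlspecialchars() is the wrong tool: entities
    // are not decoded inside <style>, so "a > b" would turn into "a &gt; b".
    $css = strip_tags($css);
    // Fail closed if a closing style tag somehow survives.
    if (stripos($css, '</style') !== false) {
        return '';
    }
    return "<style>\n" . $css . "\n</style>";
}

// Constructed sample values, as they might sit in a Custom CSS field.
$samples = [
    'plain rule'      => '.gallery .item > a { border: 1px solid #ccc; }',
    'range query'     => '@media (width < 600px) { .item { width: 100%; } }',
    'embedded markup' => '.item { color: red } </style><p>injected markup</p>',
];

foreach ($samples as $label => $css) {
    $error = validate_custom_css($css);
    printf("%-16s save: %s\n", $label, $error ?? 'accepted');
    printf("%-16s out:  %s\n", '', str_replace("\n", ' ', render_custom_css($css)));
}
```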
You can find more information about CVE-2021-24357 at the following reference link: [CVE-2021-24357 Reference](https://wpscan.com/vulnerability/950f46ae-4476-4969-863a-0e55752953b3)