The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-06-13T06:00:02.252Z
Updated: 2024-08-01T19:25:41.717Z
Reserved: 2024-03-21T14:49:02.926Z
Link: CVE-2024-2762
Vulnrichment
Updated: 2024-08-01T19:25:41.717Z
NVD
Status : Undergoing Analysis
Published: 2024-06-13T06:15:11.003
Modified: 2024-07-22T18:31:03.357
Link: CVE-2024-2762
Redhat
No data.