WordPress FooGallery 2.4.16 Cross Site Scripting

2024.07.02

Credit: tmrswrr

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title: FooGallery version : 2.4.16 Stored XSS
# Date: 2024-07-02
# Exploit Author: tmrswrr
# Category : Webapps
# Vendor Homepage: https://wordpress.org/plugins/foogallery/
# Version 2.4.16


### Steps to Execute the Payload:

1. **Click Add New Gallery**: [Add New Gallery](https://127.0.0.1/wp-admin/post-new.php?post_type=foogallery)
2. **Write Add Title your payload**: `"><sVg/onLy=1 onLoaD=confirm(1)//`
3. **Click Publish**, then click **Create Gallery Page**.
4. **Verify Execution**: You will see the payload executed in the usage field.

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

WordPress FooGallery 2.4.16 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

WordPress FooGallery 2.4.16 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.