CVE-2024-2081
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-2081
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-2081.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-2081
- Published
- 2024-04-09T19:15:26Z
- Modified
- 2025-02-25T08:50:50.207964Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogalleryattachmentmodal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- References
Affected packages
Git / github.com/fooplugins/foogallery
Affected ranges
- Type
- GIT
- Repo
- https://github.com/fooplugins/foogallery
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.10.0
1.2.0
1.2.1
1.2.10
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
1.2.16
1.2.17
1.2.18
1.2.20
1.2.4
1.2.6
1.2.7
1.2.8
1.2.9
1.3.6
1.3.7
1.4.12
1.4.14
1.4.15
1.4.17
1.4.24
1.4.25
1.4.26
1.4.27
1.4.28
1.4.29
1.4.30
1.4.31
1.4.32
1.4.33
1.4.34
1.4.50
1.4.8
1.5.8
1.5.9
1.6.0
1.6.11
1.6.14
1.6.17
1.6.7
1.7.4
1.7.8
1.8.0
1.8.11
1.8.12
1.8.18
1.8.20
1.8.8
1.9.11
1.9.23
1.9.25
1.9.28
1.9.30
1.9.34
1.9.35
1.9.39
1.9.45
1.9.47
1.9.48
1.9.49
1.9.51
1.9.52
1.9.53
1.9.8
2.*
2.0.24
2.0.30
2.0.35
2.0.39
2.1.18
2.1.28
2.2.14
2.2.15
2.2.16
2.2.20
2.2.26
2.2.28
2.2.35
2.2.41
2.2.44
2.4.13
2.4.14
2.4.6
2.4.7
2.4.9
Other
ie10-justified-gallery-object-doesnt-support-action
v1.*
v1.1.8