Unrated severityNVD Advisory· Published Jun 13, 2024· Updated Oct 30, 2024
FooGallery < 2.4.15 - Author+ Stored XSS
CVE-2024-2762
Description
The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <2.4.15
- Range: 0
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/92e0f5ca-0184-4e9c-b01a-7656e05dce69/mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.