• Resolved Robert Poth

    (@rpweb777)


    According to the information by Wordfence, Foogallery is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). I tried to determine the risk level, since Foogallery is installed on 4 of my websites. According to various web sources, Reflected XSS needs user interaction to do any damage, e.g. tricking a user into clicking on a “crafted link”.

    I don’t see any user interaction possibilities provided by Foogallery on the frontend for not logged-in users. So this vulnerability appears to be only relevant for authenticated (logged-in) users, which, in the case of my websites, means only myself = low risk.

    But I could be wrong. We’ll have to wait on information provided by the authors of Foogallery.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support elviiso

    (@elviiso)

    Hi @rpweb777

    Thank you for reaching out with your concerns regarding the recent security disclosure about FooGallery. We have been aware of this and want to assure you that this issue poses an extremely low risk – just as you have also determined – and cannot be exploited by an external user without specific conditions being met.

    Our development team is already working on a fix, and we will be releasing an update shortly. In the meantime, there is no immediate action required on your end, and your website remains secure under normal usage conditions.

    We appreciate your patience and understanding as we continue to enhance FooGallery’s security. If you have any questions, feel free to reach out—we’re happy to assist.

    christinahills

    (@christinahills)

    I’m in the same situation and would rather not delete the plugin as I love it.

    I’m commenting here so I get a reply once it’s updated

    thanks!

    Ken Gagne

    (@kgagne)

    Hey, Christina! You can also click the “Subscribe” link in the right sidebar to get updates on a thread without commenting on it.

    Plugin Support elviiso

    (@elviiso)

    Hi @rpweb777 @christinahills @kgagne

    Thank you for your patience as we worked on resolving the recently reported security issue in FooGallery.

    We’re happy to inform you that our development team has released a patch that fully addresses the vulnerability. To ensure your site remains secure and up to date, we strongly recommend updating FooGallery to the latest version as soon as possible.

    To update, simply navigate to Plugins > Installed Plugins in your WordPress dashboard and update FooGallery to the latest version. If you have automatic updates enabled, the patch will be applied if it hasn’t already.

    We appreciate your vigilance and your trust in FooGallery. If you have any questions or need further assistance, feel free to reach out—we’re happy to help!


The topic ‘Reflected XSS vulnerability – risk level’ is closed to new replies.