{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6068", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-13T14:00:13.538Z", "datePublished": "2025-07-11T07:23:00.715Z", "dateUpdated": "2026-04-08T17:13:33.722Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:13:33.722Z"}, "affected": [{"vendor": "fooplugins", "product": "Gallery by FooGallery", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.4.31", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption-title` & `data-caption-description` HTML attributes in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a6be4aaa-f8a1-42d6-95c1-062c5ca51004?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/foogallery/trunk/extensions/default-templates/shared/js/foogallery.min.js"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3322251%40foogallery&new=3322251%40foogallery&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Craig Smith"}], "timeline": [{"time": "2025-06-21T18:22:08.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-07-10T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-11T16:52:15.376982Z", "id": "CVE-2025-6068", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-11T16:52:22.590Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6068", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-11T16:52:15.376982Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-11T16:52:18.469Z"}}], "cna": {"title": "FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Craig Smith"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "fooplugins", "product": "Gallery by FooGallery", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.4.31"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-21T18:22:08.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-07-10T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a6be4aaa-f8a1-42d6-95c1-062c5ca51004?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/foogallery/trunk/extensions/default-templates/shared/js/foogallery.min.js"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3322251%40foogallery&new=3322251%40foogallery&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption-title` & `data-caption-description` HTML attributes in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:13:33.722Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6068", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:13:33.722Z", "dateReserved": "2025-06-13T14:00:13.538Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-11T07:23:00.715Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fooplugins:foogallery:*:*:*:*:-:wordpress:*:*", "matchCriteriaId": "F2D2EA15-F104-45E5-82AC-5BC7AC3EF861", "versionEndExcluding": "2.4.32", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption-title` & `data-caption-description` HTML attributes in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry &amp; Carousel para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s de los atributos HTML `data-caption-title` y `data-caption-description` en todas las versiones hasta la 2.4.31 incluida, debido a una depuraci\u00f3n de entrada y un escape de salida insuficientes. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en las p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."}], "id": "CVE-2025-6068", "lastModified": "2025-07-17T13:11:47.847", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-11T08:15:24.280", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/foogallery/trunk/extensions/default-templates/shared/js/foogallery.min.js"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3322251%40foogallery&new=3322251%40foogallery&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a6be4aaa-f8a1-42d6-95c1-062c5ca51004?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T19:44:55.717988+00:00", "value": {"mitigation_remediation": ["Upgrade Foogallery to a version newer than 2.4.31.", "Temporarily reduce Contributor or higher role privileges until the plugin is updated, or review role permissions to minimize exposure.", "If a patch is not yet available, restrict access to the gallery editor to trusted users only."], "summary": {"action": "Patch Now", "impact": "Stored Cross\u2011Site Scripting in the Foogallery WordPress plugin"}, "threat_synthesis": {"affected_systems": "The vulnerability affects WordPress installations running Foogallery plugin versions 2.4.31 and earlier under the vendor Fooplugins: Gallery by Foogallery.", "description_and_impact": "The Foogallery plugin contains a stored cross\u2011site scripting vulnerability that allows authenticated contributors to inject arbitrary web scripts through the `data-caption-title` and `data-caption-description` attributes. The input is insufficiently sanitized or escaped, so the malicious script will execute in any visitor\u2019s browser when the gallery page containing the injected content is loaded, resulting in client\u2011side code execution on site visitors.", "risk_and_exploitability": "The CVSS score of 6.4 classifies the flaw as moderate, while an EPSS score of less than 1\u202f% indicates a low immediate exploitation probability. The flaw is not listed in the CISA KEV catalog. The vulnerability requires authenticated Contributor or higher access; if credentials are obtained, the injected script will run for all users who view the vulnerable gallery page."}}}}, "created": "2026-04-21T19:45:16.083129+00:00", "updated": "2026-04-21T19:45:16.083146+00:00", "vendors": []}