cbcvebase.
CVE-2025-6068
published 2025-07-11


Priority: P4 24
Severity: medium, 5.4 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.20% (10.4th percentile)
The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption-title` & `data-caption-description` HTML attributes in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Affected

6 ranges

Vendor       Product                Version range              Fixed in
fooplugins   foogallery             < 2.4.32                   2.4.32
fooplugins   gallery_by_foogallery  <= 2.4.31
linux        linux_kernel           >= 6.1.159  < 6.1.160      6.1.160
linux        linux_kernel           >= 6.12.60  < 6.12.61      6.12.61
linux        linux_kernel           >= 6.17.10  < 6.17.11      6.17.11
linux        linux_kernel           >= 6.6.119  < 6.6.120      6.6.120

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      5.4     MEDIUM     CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
vendor_redhat             5.5     HIGH