CVE-2025-6068
published 2025-07-11CVE-2025-6068: The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…
PriorityP424medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.20%
10.4th percentile
The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption-title` & `data-caption-description` HTML attributes in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fooplugins | foogallery | < 2.4.32 | 2.4.32 |
| fooplugins | gallery_by_foogallery | <= 2.4.31 | — |
| linux | linux_kernel | >= 6.1.159 < 6.1.160 | 6.1.160 |
| linux | linux_kernel | >= 6.12.60 < 6.12.61 | 6.12.61 |
| linux | linux_kernel | >= 6.17.10 < 6.17.11 | 6.17.11 |
| linux | linux_kernel | >= 6.6.119 < 6.6.120 | 6.6.120 |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
vendor_redhat5.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose().
osv·2025-12-16
CVE-2025-68291 mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose().
mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose().
In the Linux kernel, the following vulnerability has been resolved:
mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose().
syzbot reported divide-by-zero in __tcp_select_window() by
MPTCP socket. [0]
We had a similar issue for the bare TCP and fixed in commit
499350a5a6e7 ("tcp: initialize rcv_mss to TCP_MIN_MSS instead
of 0").
Let's apply the same fix to mptcp_do_fastclose().
[0]:
Oops: divide error: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 6068 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:__tcp_select_window+0x824/0x1320 net/ipv4/tcp_output.c:3336
Co
GHSA
GHSA-9p55-rmhm-pj6f: The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripti
ghsa_unreviewed·2025-07-11
CVE-2025-6068 [MEDIUM] CWE-79 GHSA-9p55-rmhm-pj6f: The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripti
The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption-title` & `data-caption-description` HTML attributes in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/foogallery/trunk/extensions/default-templates/shared/js/foogallery.min.jshttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3322251%40foogallery&new=3322251%40foogallery&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/a6be4aaa-f8a1-42d6-95c1-062c5ca51004?source=cve
2025-07-11
Published