WordPress FooGallery Plugin <= 2.2.44 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-44233

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Best WordPress Gallery Plugin – Foogallery
Vendor: CVE Published:; 6 October 2023

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the FooGallery plugin by FooPlugins, affecting versions up to 2.2.44. This vulnerability enables an attacker to perform unauthorized actions on behalf of a valid user without their knowledge, potentially compromising the security of WordPress websites utilizing this plugin. It is essential for users to update to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

Best WordPress Gallery Plugin – FooGallery <= 2.2.44

References

https://patchstack.com/database/vulnerability/foogallery/...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 6, 2023
Vulnerability Reserved
Sep 27, 2023

Credit

FearZzZz (Patchstack Alliance)