CVE-2026-9134— FooPlugins Photo Gallery by FooGallery 跨站脚本漏洞

Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_attribute_key' Shortcode Parameter

The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcode parameter in versions up to, and including, 3.1.31 This is due to an incomplete JavaScript event handler blacklist in the foogallery_sanitize_javascript() function, which blocks only a subset of HTML event attributes (onmouseover, onmouseout, onpointerenter, onclick, onload, onchange, onerror) while permitting others such as 'onmouseenter', combined with the failure to escape the attribute key when building the gallery container HTML in foogallery_build_container_attributes_safe(). This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

FooPlugins Photo Gallery by FooGallery 跨站脚本漏洞

fooplugins Photo Gallery by FooGallery是fooplugins公司的一款图片编辑插件。 FooPlugins Photo Gallery by FooGallery 3.1.31及之前版本存在跨站脚本漏洞，该漏洞源于foogallery_sanitize_javascript () 函数的 JavaScript 事件处理程序黑名单不完整，且构建图库容器 HTML 时未转义 “custom_attribute_key” 参数属性键，导致具贡献者及以上权限的认证攻击者能注入

N/A

N/A