Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-29439 PoC — WordPress FooGallery Plugin <= 2.2.35 is vulnerable to Cross Site Scripting (XSS)

Source
https://github.com/LOURC0D3/CVE-2023-29439
Associated Vulnerability
Title:WordPress FooGallery Plugin <= 2.2.35 is vulnerable to Cross Site Scripting (XSS) (CVE-2023-29439)
Description:Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.35 versions.
Description
PoC of CVE-2023-29439
Readme
# CVE-2023-29439

This repository is about XSS vulnerability in Wordpress Foogallery Plugin.

## Vulenerability details

### Description
In Foogallery 2.2.35 and earlier, the function `foogallery_image_editor_modal` in `foogallery/includes/admin/class-gallery-attachment-modal.php` is vulnerable to XSS attack.

### Pre-requisite
- Unauthenticated

### Proof-of-Concept
1. Foogallery Settings → Admin → Enable Advanced Attachment Modal 
2. Send `http://localhost:8080/wp-admin/post-new.php?post_type=foogallery&post=”><script>alert(1)</script>`

## References

[CVE-2023-29439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29439)
File Snapshot

 [4.0K]  /data/pocs/950f0e9db8f0ad32f5ca9eee3cd87cb82e527487
└── [ 647]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →