CVE-2023-6747 FooGallery Premium <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

🗓️ 03 Jan 2024 08:29:48Reported by WordfenceType

WordPress Gallery Plugin vulnerability in versions up to 2.3.3

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2023-6747	4 Jan 202401:35	–	circl
CNNVD	WordPress Plugin FooGallery Premium Cross-Site Scripting Vulnerability	3 Jan 202400:00	–	cnnvd
CVE	CVE-2023-6747	3 Jan 202408:29	–	cve
EUVD	EUVD-2023-58960	3 Oct 202520:07	–	euvd
NVD	CVE-2023-6747	3 Jan 202409:15	–	nvd
Patchstack	WordPress FooGallery Premium Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)	3 Jan 202400:00	–	patchstack
Prion	Cross site scripting	3 Jan 202409:15	–	prion
Positive Technologies	PT-2024-15075 · WordPress · Foogallery	3 Jan 202400:00	–	ptsecurity
RedhatCVE	CVE-2023-6747	23 May 202504:59	–	redhatcve
Vulnrichment	CVE-2023-6747 FooGallery Premium <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	3 Jan 202408:29	–	vulnrichment

[
  {
    "vendor": "https://fooplugins.com",
    "product": "FooGallery Premium",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "2.3.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "fooplugins",
    "product": "Gallery by FooGallery",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "2.4.8",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/foogallery/tags/2.4.9/includes/functions.php
fooplugins	www.fooplugins.com/foogallery-wordpress-gallery-plugin/pricing/
plugins	www.plugins.trac.wordpress.org/browser/foogallery/tags/2.4.9/includes/class-gallery-advanced-settings.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/dce8ac32-cab8-4e05-bf6f-cc348d0c9472

08 Apr 2026 17:27Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.16.4

EPSS0.00157

CWE-79