Lucene search
K

5 matches found

NVD
NVD
added 2026/06/13 7:16 a.m.13 views

CVE-2026-9134

The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customattributekey' shortcode parameter in versions up to, and including, 3.1.31 This is due to an incomplete JavaScript event handler blacklist in the foogallerysanitizejavascript function, which blocks onl...

6.4CVSS0.00203EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/13 6:47 a.m.8 views

CVE-2026-9134 Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_attribute_key' Shortcode Parameter

The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customattributekey' shortcode parameter in versions up to, and including, 3.1.31 This is due to an incomplete JavaScript event handler blacklist in the foogallerysanitizejavascript function, which blocks onl...

6.4CVSS5.5AI score0.00203EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/13 6:47 a.m.12 views

EUVD-2026-36645

The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customattributekey' shortcode parameter in versions up to, and including, 3.1.31 This is due to an incomplete JavaScript event handler blacklist in the foogallerysanitizejavascript function, which blocks onl...

6.4CVSS5.6AI score0.00203EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/13 6:47 a.m.31 views

CVE-2026-9134 Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_attribute_key' Shortcode Parameter

The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customattributekey' shortcode parameter in versions up to, and including, 3.1.31 This is due to an incomplete JavaScript event handler blacklist in the foogallerysanitizejavascript function, which blocks onl...

6.4CVSS0.00203EPSS
Exploits0References5
CVE
CVE
added 2026/06/13 6:47 a.m.24 views

CVE-2026-9134

The FooGallery WordPress plugin is vulnerable to Stored XSS in versions up to 3.1.31 through the custom_attribute_key shortcode parameter. Root cause: incomplete JavaScript event handler blacklist in foogallery_sanitize_javascript() and failure to escape the attribute key in foogallery_build_cont...

6.4CVSS5.6AI score0.00203EPSS
Exploits0References5
Rows per page
Query Builder