Vulnerability Discovered in FooGallery < 1.9.25
https://fortiguard.com

The FooGallery WordPress plugin has 200,000+ active installations and is a popular image gallery plugin. In versions prior to 1.9.25, there is a vulnerability caused by improper sanitization of user input in the image title or caption parameters in the gallery media upload editor. This can lead to XSS in the default lightbox feature.
The issue has been fixed in version 1.9.25, which is available now from the WordPress Plugin Repo.
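
The class of bug described above, as an added example (not FooGallery's code or its patch): a hypothetical lightbox caption renderer in its unsafe and output-encoded forms, plus a helper that flags stored titles or captions containing markup characters. All function names, the `lb-caption` class and the sample items are assumptions constructed for illustration.

```javascript
// Added illustration with hypothetical names; this is not FooGallery's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five HTML-significant characters so a value renders as text.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe pattern: title and caption are concatenated into markup unchanged,
// so any tags stored in those fields become part of the page.
function renderCaptionUnsafe(item) {
  return `<div class="lb-caption"><strong>${item.title}</strong> ${item.caption}</div>`;
}

// Hardened pattern: every user-controlled field is encoded at output time.
function renderCaptionSafe(item) {
  const title = escapeHtml(item.title);
  const caption = escapeHtml(item.caption);
  return `<div class="lb-caption"><strong>${title}</strong> ${caption}</div>`;
}

// Audit helper: return the ids of items whose title or caption contains
// angle brackets, as a first-pass review list for existing gallery data.
function findSuspectItems(items) {
  return items
    .filter((it) => /[<>]/.test(`${it.title ?? ''}${it.caption ?? ''}`))
    .map((it) => it.id);
}

// Constructed sample data (not taken from a real site).
const sampleItems = [
  { id: 1, title: 'Sunset', caption: 'Taken at the beach' },
  { id: 2, title: 'Tom & Jerry', caption: 'A "classic" pair' },
  { id: 3, title: 'Harbour', caption: '<script>alert(1)</script>' },
];

console.log(renderCaptionSafe(sampleItems[2]));
console.log('items to review:', findSuspectItems(sampleItems));
```

Encoding at output keeps legitimate characters such as `&` and quotes displayable while preventing stored markup from being interpreted; the audit helper only narrows what to review and does not replace upgrading to 1.9.25.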