• Resolved caordawebsol

    (@caordawebsol)


    FooGallery plugin <= 2.4.29 – Reflected Cross-Site Scripting vulnerability

    This is actually a bad security issue. Unauthenticated + XSS usually means ‘unsavoury ads’ on someone’s site.

    Can you please advise when it will be patched?

    Thanks

Viewing 5 replies - 1 through 5 (of 5 total)
  • There are already 3 other threads about this, and they’ve already replied to each one.

    Thread Starter caordawebsol

    (@caordawebsol)

    Yes I realise that, but they are all shown as “resolved” when it clearly is not. The threat is also worse than they are making out.

    Plugin Support elviiso

    (@elviiso)

    Hi @caordawebsol

    Thank you for your patience as we worked on resolving the recently reported security issue in FooGallery.

    We’re happy to inform you that our development team has released a patch that fully addresses the vulnerability. To ensure your site remains secure and up to date, we strongly recommend updating FooGallery to the latest version as soon as possible.

    To update, simply navigate to Plugins > Installed Plugins in your WordPress dashboard and update FooGallery to the latest version. If you have automatic updates enabled, the patch will be applied if it hasn’t already.

    We appreciate your vigilance and your trust in FooGallery. If you have any questions or need further assistance, feel free to reach out—we’re happy to help!

    @elviiso WP Engine is still reporting this message with the latest version: FooGallery <= 2.4.30 is vulnerable to Cross-Site Scripting (XSS)

    I see the security patch was in v2.4.30 but it doesn’t seem to have fixed the issue.

    Plugin Support elviiso

    (@elviiso)

    Hi @joprestonom4

    We have gone through the message sent by WPEngine and can confirm that the patch has been fixed in v2.4.30. They are also using this as reference, which mentions that the issue in question affects up to version 2.4.29: https://patchstack.com/database/wordpress/plugin/foogallery/vulnerability/wordpress-foogallery-plugin-2-4-29-reflected-cross-site-scripting-vulnerability?_a_id=473

    We have communicated with the Patchstack team about our update, and they will update the vulnerability report page with the relevant details soon enough.

    For now, kindly ensure that you have the latest FooGallery version installed. Thanks

    Thanks


The topic ‘Security vulnerability in Foo Gallery plugin’ is closed to new replies.