WP Engine Security_ Plugin Vulnerability Notification – FooGallery Plugin Extern

  • Resolved hubspire

    (@hubspire)


    1 year, 3 months ago

    This is the email send by WPEngine team.

    Hello,

    At WP Engine we take the security of your sites very seriously, and make every effort to keep our customers aware of any potential security risks. We are reaching out to you today because we identified resources that may be utilizing a vulnerable version of the foogallery plugin.

    The turtlebackzoo on esmczonq9s7rux is running version 2.4.16.
    The tbzdev on esmczonq9s7rux is running version 2.4.29.
    The tbzstg on esmczonq9s7rux is running version 2.4.29.

    WP Engine summary of the vulnerability: Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.

    This vulnerability’s information has been verified by Patchstack. Please note that questions related to this notification should be directed to Patchstack, the plugin author or the 3rd-party researcher for the most accurate information.

    Resources providing further information on this vulnerability:

    https://urldefense.com/v3/https://patchstack.com/database/vulnerability/foogallery/wordpress-foogallery-plugin-2-4-29-reflected-cross-site-scripting-vulnerability?_a_id=473;!!DKJCilfDUJuo96k!TOvykKhUb2NwY9y4eeM7pDTldt7ABgnUsZ5Risk2HjCEQ0NxoIC4wcTi1g-PUNsDej3hYS8hR6wXhFjfnVN1D_QUwIk$

    There does not appear to be a fix for this update at this moment and we recommend updating when one becomes available.

    We always suggest making a backup before making any changes. You can learn how to do this in this article: https://urldefense.com/v3/https://wpengine.com/support/restore/;!!DKJCilfDUJuo96k!TOvykKhUb2NwY9y4eeM7pDTldt7ABgnUsZ5Risk2HjCEQ0NxoIC4wcTi1g-PUNsDej3hYS8hR6wXhFjfnVN1oPBgQfU$.

    Would you like to avoid doing these updates manually in the future? Add the Smart Plugin Manager: https://urldefense.com/v3/https://my.wpengine.com/products/smart_plugin_manager;!!DKJCilfDUJuo96k!TOvykKhUb2NwY9y4eeM7pDTldt7ABgnUsZ5Risk2HjCEQ0NxoIC4wcTi1g-PUNsDej3hYS8hR6wXhFjfnVN1Ej1ycWg$ to your plan today!

    Finally, feel free to reach out to our Support team if you need assistance with backing up or updating your website!

    Thanks,
    -WP Engine Security Team

    • This topic was modified 1 year, 3 months ago by Yui.
    • This topic was modified 1 year, 3 months ago by Jan Dembowski. Reason: Removing NSFW tag and there is nothing in the post or URL that is adult or pornographic content

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support elviiso

    (@elviiso)

    1 year, 3 months ago

    Hi @hubspire

    Thank you for your patience as we worked on resolving the recently reported security issue in FooGallery.

    We’re happy to inform you that our development team has released a patch that fully addresses the vulnerability. To ensure your site remains secure and up to date, we strongly recommend updating FooGallery to the latest version as soon as possible.

    To update, simply navigate to Plugins > Installed Plugins in your WordPress dashboard and update FooGallery to the latest version. If you have automatic updates enabled, the patch will be applied if it hasn’t already.

    We appreciate your vigilance and your trust in FooGallery. If you have any questions or need further assistance, feel free to reach out—we’re happy to help!

Viewing 1 replies (of 1 total)

The topic ‘WP Engine Security_ Plugin Vulnerability Notification – FooGallery Plugin Extern’ is closed to new replies.