CVE-2024-12119 is a stored Cross-Site Scripting (XSS) vulnerability identified in the FooGallery WordPress plugin, which is used for creating responsive photo galleries with features such as image viewing, justified layouts, masonry, and carousel displays. The vulnerability arises from improper neutralization of input during web page generation, specifically through the default_gallery_title_size parameter. This parameter lacks sufficient input sanitization and output escaping, allowing an authenticated attacker with gallery and album creator roles to inject arbitrary malicious scripts into pages. These scripts execute whenever any user accesses the compromised page, potentially leading to session hijacking, defacement, or redirection to malicious sites. The vulnerability affects all versions up to and including 2.4.29 of the plugin. The CVSS v3.1 base score is 6.4 (medium severity), reflecting that exploitation requires network access, low attack complexity, privileges with gallery/album creator roles, no user interaction, and impacts confidentiality and integrity with a scope change. No known exploits are currently reported in the wild. The vulnerability is significant because WordPress is widely used across many organizations, and plugins like FooGallery are popular for media-rich websites, making this a vector for persistent client-side attacks within trusted domains.

For European organizations, this vulnerability poses a moderate risk primarily to websites using the FooGallery plugin for WordPress. Exploitation could lead to unauthorized script execution in the context of the affected website, allowing attackers to steal session cookies, perform actions on behalf of users, or deliver malware. This can compromise user data confidentiality and website integrity, potentially damaging brand reputation and user trust. Organizations in sectors with high web presence such as e-commerce, media, education, and government could face targeted attacks exploiting this vulnerability. The requirement for authenticated gallery or album creator roles limits the attack surface but insider threats or compromised accounts increase risk. Additionally, the scope change in CVSS indicates that the vulnerability can affect resources beyond the initially vulnerable component, potentially impacting other parts of the web application. Given the widespread use of WordPress in Europe and the popularity of photo gallery plugins, the vulnerability could be leveraged in targeted phishing or social engineering campaigns to escalate attacks.

1. Immediate patching: Although no patch links are provided in the data, organizations should monitor the vendor’s official channels for updates or patches addressing CVE-2024-12119 and apply them promptly. 2. Role auditing: Restrict and audit user roles with gallery and album creator permissions to minimize the number of accounts capable of exploiting this vulnerability. 3. Input validation and output encoding: Implement additional server-side input validation and output encoding for the default_gallery_title_size parameter if custom development or temporary fixes are possible. 4. Web Application Firewall (WAF): Deploy or update WAF rules to detect and block malicious payloads targeting this parameter to reduce exploitation risk. 5. Monitoring and logging: Enhance monitoring of user activities related to gallery and album creation, and review logs for suspicious behavior indicative of exploitation attempts. 6. User awareness: Educate administrators and content creators about the risks of XSS and the importance of secure content handling. 7. Backup and recovery: Maintain regular backups of website data to enable quick restoration in case of compromise. These steps go beyond generic advice by focusing on role management, proactive monitoring, and layered defenses tailored to the plugin’s functionality and attack vector.