
CVE-2025-22624: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in bradvin FooGallery - Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel

Severity: Medium
Tags: Vulnerability, CVE-2025-22624, CWE-79
Published: Thu Feb 27 2025 (02/27/2025, 18:26:27 UTC)
Source: CVE Database V5
Vendor/Project: bradvin
Product: FooGallery - Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel

Description

FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/extensions/albums/admin/class-meta boxes.php.

AI-Powered Analysis

Last updated: 07/14/2025, 20:59:14 UTC

Technical Analysis

CVE-2025-22624 is a medium-severity Cross-site Scripting (XSS) vulnerability identified in version 2.4.29 of the FooGallery plugin developed by bradvin. FooGallery is a WordPress plugin used to create responsive photo galleries with features such as image viewing, justified layouts, masonry grids, and carousels. The vulnerability arises from improper neutralization of input during web page generation, specifically in the file myapp/extensions/albums/admin/class-meta boxes.php. This component dynamically generates web content without adequately validating or sanitizing potentially untrusted data sources. As a result, an attacker can inject malicious scripts that execute in the context of the victim's browser when viewing the affected admin interface or gallery pages. The CVSS 4.0 vector indicates that the attack can be performed remotely (AV:N) with low attack complexity (AC:L), requires no privileges (PR:N), but does require user interaction (UI:A). The vulnerability does not compromise confidentiality or availability but has limited impact on integrity and scope, as it affects only the vulnerable component and its users. No known exploits are currently reported in the wild, and no patches have been published yet. However, the presence of this vulnerability could allow attackers to perform actions such as session hijacking, defacement, or redirecting users to malicious sites if successfully exploited.

Potential Impact

For European organizations using the FooGallery plugin, particularly those managing websites with user-generated content or administrative interfaces exposed to multiple users, this vulnerability poses a risk of client-side script injection. The impact includes potential theft of session cookies, leading to unauthorized access to administrative accounts, defacement of web content, or distribution of malware through injected scripts. Although the vulnerability requires user interaction, the risk is heightened in environments where multiple users access the gallery admin pages or where galleries are publicly accessible and can be manipulated by attackers. This could affect organizations in sectors such as media, e-commerce, education, and cultural institutions that rely on WordPress sites with FooGallery for visual content presentation. The medium severity suggests that while the threat is not critical, it should not be ignored as it can facilitate further attacks or compromise user trust and data integrity.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should first verify whether they are running FooGallery version 2.4.29 or earlier. Immediate steps include:
1) Restrict access to the affected admin interfaces to trusted users only, using IP whitelisting or VPNs.
2) Implement Web Application Firewall (WAF) rules to detect and block common XSS payloads targeting the vulnerable endpoints.
3) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected pages.
4) Sanitize and validate all user inputs and data sources feeding into the gallery plugin, especially if custom extensions or integrations are used.
5) Monitor logs for unusual activity or attempted script injections.
6) Engage with the vendor or community to obtain patches or updates as soon as they become available, and apply them promptly.
7) Educate users and administrators about the risks of clicking on suspicious links or interacting with untrusted content within the gallery environment.
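The defect class this advisory names (CWE-79 in a WordPress admin meta box), shown as an added PHP illustration that is not FooGallery's code: every function, field name and meta key below is hypothetical. The vulnerable render callback sits beside the escaped one, and the save handler checks the nonce and the user's capability before storing sanitized input.

```php
<?php
// Added illustration of the CWE-79 pattern in a WordPress admin meta box.
// All names are hypothetical; this is not FooGallery's code.

// Vulnerable render callback: stored post meta is echoed raw into an
// HTML attribute. A caption containing a double quote can close the value
// attribute and add further attributes, so the stored string becomes script
// that runs when an administrator opens the edit screen.
function demo_album_meta_box_render_vulnerable( $post ) {
    $caption = get_post_meta( $post->ID, '_demo_album_caption', true );
    echo '<input type="text" name="demo_album_caption" value="' . $caption . '">';
}

// Hardened render callback: escape at the output sink, for its context.
function demo_album_meta_box_render( $post ) {
    $caption = get_post_meta( $post->ID, '_demo_album_caption', true );
    wp_nonce_field( 'demo_album_save', 'demo_album_nonce' );
    // esc_html() for text nodes, esc_attr() for attribute values.
    echo '<label for="demo_album_caption">' . esc_html( 'Caption' ) . '</label>';
    echo '<input type="text" id="demo_album_caption" name="demo_album_caption" value="'
        . esc_attr( $caption ) . '">';
}

// Save handler: check intent (nonce) and authorization (capability), then
// sanitize before storing. This is defence in depth; the output escaping
// above is what actually prevents the XSS.
function demo_album_meta_box_save( $post_id ) {
    if ( ! isset( $_POST['demo_album_nonce'] )
        || ! wp_verify_nonce( $_POST['demo_album_nonce'], 'demo_album_save' ) ) {
        return;
    }
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    if ( isset( $_POST['demo_album_caption'] ) ) {
        $clean = sanitize_text_field( wp_unslash( $_POST['demo_album_caption'] ) );
        update_post_meta( $post_id, '_demo_album_caption', $clean );
    }
}

add_action( 'add_meta_boxes', function () {
    add_meta_box( 'demo_album_meta', 'Album settings',
        'demo_album_meta_box_render', 'post', 'side' );
} );
add_action( 'save_post', 'demo_album_meta_box_save' );
```

Escaping is chosen per output context; the same value rendered inside a URL or inline script would need esc_url() or wp_json_encode() rather than esc_attr().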


Technical Details

Data Version: 5.1
Assigner Short Name: Fluid Attacks
Date Reserved: 2025-01-07T16:26:19.300Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6863cffd6f40f0eb728f46a3

Added to database: 7/1/2025, 12:09:33 PM

Last enriched: 7/14/2025, 8:59:14 PM

Last updated: 8/13/2025, 11:58:19 PM


