CVE-2025-6068: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in bradvin FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption-title` & `data-caption-description` HTML attributes in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-6068 is a stored cross-site scripting (XSS) vulnerability in the FooGallery WordPress plugin, which builds responsive photo galleries in justified, masonry and carousel layouts with an image viewer. The plugin writes each gallery item's caption title and caption description into the `data-caption-title` and `data-caption-description` attributes of the rendered gallery markup without sufficient sanitization on input or escaping on output. A user holding the Contributor role or higher can therefore save a caption value that closes the attribute and appends an event-handler attribute or a new element, so arbitrary JavaScript runs in the browser of anyone who views the page containing the gallery. Because the payload lives in the stored gallery data, it fires on every page load until the content is removed, and since editors and administrators routinely preview or review contributor content, privileged users are among the likely victims. All versions up to and including 2.4.31 are affected. Wordfence assigned a CVSS 3.1 base score of 6.4 (medium); that score corresponds to a network attack vector, low attack complexity, low privileges (Contributor), no user interaction beyond a victim loading the affected page, changed scope because the script executes in the victim's browser rather than in the plugin's own security scope, low confidentiality and integrity impact, and no availability impact. At the time of this analysis no in-the-wild exploitation had been reported and no patched release was listed. The weakness is classified as CWE-79, Improper Neutralization of Input During Web Page Generation.
Potential Impact
For European organizations running WordPress sites with FooGallery, the risk is practical rather than theoretical. Contributor is the lowest role that can author content and is commonly handed to guest writers, agencies or interns, so the required privilege is often reachable through a compromised or over-provisioned account. A script injected into a gallery caption runs in the browser of every visitor to the page, including editors and administrators who preview or review contributor content. Running inside an administrator's session it can call WordPress's authenticated endpoints to create users or install plugins, exfiltrate data, deface pages or redirect visitors. WordPress's authentication cookie is HttpOnly, so the script cannot read it directly, but it does not need to, because it already executes with the victim's session. Given how widely WordPress and gallery plugins are used for marketing, e-commerce and content presentation, a successful attack can disrupt operations, damage reputation and, where customer data is handled in regulated sectors such as finance, healthcare and government, lead to reportable breaches. Exploitation needs only a Contributor-level account and the ability to save a caption, so it is easy to script once such an account is obtained. With no patched release listed at the time of analysis, the exposure window is open and interim mitigation is warranted.
Mitigation Recommendations
European organizations should implement the following specific measures:
1) Audit user roles now: confirm which accounts hold Contributor or higher, remove stale ones and enforce strong authentication, since the attack needs nothing more than such an account.
2) Check the installed plugin version. Anything at or below 2.4.31 is affected; upgrade as soon as a release that addresses CVE-2025-6068 is available, and until then deactivate FooGallery on sites where untrusted contributors can edit galleries.
3) Use Web Application Firewall (WAF) rules as a stopgap to block caption submissions containing attribute break-out sequences (a quote followed by an `on...=` handler name or a `>`), understanding that attribute-context payloads are easy to vary and a WAF cannot replace a code fix.
4) Where you maintain custom templates or extensions that emit gallery captions, escape every caption value for its output context (`esc_attr()` inside HTML attributes, `esc_html()` in element bodies) regardless of what sanitization was applied on input.
5) Audit existing gallery captions and image titles and descriptions for `<`, event-handler names or `javascript:` URIs, and monitor for unexpected content changes by Contributor accounts.
6) Train contributors and enforce a review workflow for contributor-submitted galleries, bearing in mind that the reviewer's own browser is where an injected script would run: inspect caption values as data (for example in the media library fields) rather than only by rendering the gallery.
7) Track the vendor's and Wordfence's advisories and apply the patched release promptly.
8) Deploy a Content Security Policy that disallows inline scripts and inline event handlers (no `'unsafe-inline'` in `script-src`, preferably nonce- or hash-based), which blocks injected `on*` handlers and inline `<script>` blocks even while the markup bug remains.
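The attribute-injection pattern described in the technical summary, the output-escaping fix in item 4 and the caption audit in item 5, shown together as an added example. This is not FooGallery's code: the render functions, the `inspect()` checker, the triage regex and the sample payloads are constructed for this demonstration, and because WordPress's `esc_attr()` does not exist outside WordPress the script defines a stand-in with the same behaviour so it runs from the command line with plain `php`.

```php
<?php
// Added example, not FooGallery's code: the unescaped attribute write behind
// CVE-2025-6068 next to the hardened form, a DOM check showing what a browser
// actually sees, and a triage heuristic for auditing stored captions.
// All function names and sample values are constructed for this demonstration.

// Outside WordPress esc_attr() is undefined; this stand-in mirrors its behaviour
// (htmlspecialchars with ENT_QUOTES) so the script runs with plain `php`.
if (!function_exists('esc_attr')) {
    function esc_attr(string $text): string
    {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Vulnerable pattern: caption fields are concatenated straight into attributes.
// $src is a trusted constant in this demo; real code must esc_url() it as well.
function render_item_unsafe(string $src, string $title, string $description): string
{
    return '<a class="fg-thumb" href="' . $src . '"'
        . ' data-caption-title="' . $title . '"'
        . ' data-caption-description="' . $description . '">'
        . '<img src="' . $src . '" alt=""></a>';
}

// Hardened pattern: every user-influenced value is escaped for the attribute
// context at output time, whatever input filtering happened earlier.
function render_item_safe(string $src, string $title, string $description): string
{
    return '<a class="fg-thumb" href="' . $src . '"'
        . ' data-caption-title="' . esc_attr($title) . '"'
        . ' data-caption-description="' . esc_attr($description) . '">'
        . '<img src="' . $src . '" alt=""></a>';
}

// Parse a fragment the way a browser would and report the element count, any
// on* event-handler attributes, and the caption title as the DOM recovers it.
function inspect(string $html): array
{
    $dom = new DOMDocument();
    libxml_use_internal_errors(true);
    $dom->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();

    $body = $dom->getElementsByTagName('body')->item(0);
    $handlers = [];
    foreach ($body->getElementsByTagName('*') as $el) {
        foreach ($el->attributes as $attr) {
            if (stripos($attr->name, 'on') === 0) {
                $handlers[] = $el->tagName . '@' . $attr->name;
            }
        }
    }
    $anchor = $body->getElementsByTagName('a')->item(0);
    return [
        'elements'       => $body->getElementsByTagName('*')->length,
        'event_handlers' => $handlers,
        'caption_title'  => $anchor ? $anchor->getAttribute('data-caption-title') : null,
    ];
}

// Triage heuristic for auditing stored caption values (e.g. exported from the
// database): flags attribute break-outs, tags, handlers and javascript: URIs.
// It finds suspect content for review; it is not a substitute for escaping.
function caption_looks_injected(string $value): bool
{
    return (bool) preg_match('/["\']\s*on[a-z]+\s*=|<\s*\/?[a-z]|javascript\s*:|["\']\s*>/i', $value);
}

// Constructed sample: caption values a Contributor could save for a gallery image.
$src        = 'https://example.com/wp-content/uploads/2025/06/photo.jpg';
$evil_title = '" onmouseover="alert(document.cookie)';
$evil_desc  = '"><img src=x onerror="alert(1)">';
$benign     = 'Summer "2025" trip <3';

$rendered = [
    'unsafe' => render_item_unsafe($src, $evil_title, $evil_desc),
    'safe'   => render_item_safe($src, $evil_title, $evil_desc),
];
foreach ($rendered as $mode => $html) {
    printf("%-6s %s\n", $mode, json_encode(inspect($html), JSON_UNESCAPED_SLASHES));
}

foreach ([$evil_title, $evil_desc, $benign] as $value) {
    printf("%-4s %s\n", caption_looks_injected($value) ? 'FLAG' : 'ok', json_encode($value));
}
```

In the unsafe rendering the parser reports a third element and two event handlers (`a@onmouseover`, `img@onerror`) while the recovered caption title is empty, because the payload closed the attribute early; in the safe rendering the element count is unchanged, no handlers appear, and the DOM hands back the attacker's string verbatim as inert data. The benign caption containing quotes and `<3` passes the triage check, which is the point of matching break-out sequences rather than individual characters.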
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-06-13T14:00:13.538Z
- CVSS Version: 3.1
- State: PUBLISHED
Added to database: 7/11/2025, 7:31:07 AM
Last updated: 8/19/2025, 7:51:59 AM