Attack Vectors
CVE-2026-25362 is a Medium-severity (CVSS 6.4) stored cross-site scripting (XSS) issue affecting Gallery by FooGallery (plugin slug: foogallery) versions <= 3.1.11. The attacker must already have an authenticated WordPress account with Author-level permissions or higher.
In practical terms, the most likely entry points are: a compromised Author account (phishing, password reuse, malware), an overly broad permissions model (too many users granted Author or higher), a third-party contributor account that gets abused, or an insider. Once the malicious content is saved into a page or into gallery-related content, it executes whenever other users view the affected page.
Reference: CVE-2026-25362 record.
Security Weakness
The underlying weakness is insufficient input sanitization and output escaping in FooGallery versions up to and including 3.1.11. This can allow an authenticated Author+ user to store script content that is later served to site visitors and administrators as part of normal page rendering.
Because it is stored XSS (not reflected), it can persist across sessions and continue to trigger until the malicious content is removed and any affected pages are cleaned. The vulnerability is tracked by Wordfence at: Wordfence vulnerability advisory.
Technical or Business Impacts
Even at Medium severity, stored XSS can create disproportionate business risk because it targets trust: your website becomes the delivery mechanism for unwanted scripts. That can impact executives, marketing teams, and customers who interact with the affected pages.
Common outcomes include: session hijacking (an attacker leveraging a logged-in user’s browser session), unauthorized actions performed in the background as an admin/editor views the page, content manipulation (defacement, malicious redirects, SEO spam injection), and exposure of limited sensitive data visible in the browser context. For marketing and revenue teams, this can translate into brand damage, reduced conversion rates, paid-campaign disruptions (landing pages flagged or altered), and increased compliance or incident-response costs.
Remediation: Update Gallery by FooGallery to version 3.1.13 or newer (patched). After updating, review recent changes made by Author+ accounts and inspect high-traffic pages for unexpected scripts or redirects.
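As an added example (not code from the advisory or the FooGallery project), the following Python triage helper checks an installed FooGallery version against the patched release named above and scans exported post content by Author-or-higher accounts for the kinds of artifacts a stored XSS leaves behind (script tags, inline event handlers, javascript: URLs, meta-refresh redirects). The post records are constructed samples; the field names and role labels are assumptions you would map to your own export.

```python
import re
from html.parser import HTMLParser

PATCHED = (3, 1, 13)  # first fixed release named in the advisory

def parse_version(v):
    return tuple(int(p) for p in re.findall(r"\d+", v))

def foogallery_needs_update(installed):
    # Anything below the patched release is treated as needing the update.
    return parse_version(installed) < PATCHED

class ScriptFinder(HTMLParser):
    """Collect markup constructs that should not appear in Author-level content."""
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script tag")
        for name, value in attrs:
            v = (value or "").strip().lower()
            if name.startswith("on"):
                self.findings.append(f"event handler {name}")
            elif name in ("href", "src", "action") and v.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name}")
            elif tag == "meta" and name == "http-equiv" and v == "refresh":
                self.findings.append("meta refresh redirect")

def scan_posts(posts, roles=("author", "editor", "administrator")):
    """Return (post id, role, findings) for posts by the given roles that contain suspect markup."""
    results = []
    for post in posts:
        if post["role"] not in roles:      # prioritise Author+ changes, as the advisory suggests
            continue
        finder = ScriptFinder()
        finder.feed(post["content"])
        if finder.findings:
            results.append((post["id"], post["role"], sorted(set(finder.findings))))
    return results

SAMPLE_POSTS = [  # constructed records, not taken from any real site
    {"id": 101, "role": "author", "content": '<p>Spring gallery</p><img src="a.jpg" onerror="x()">'},
    {"id": 102, "role": "subscriber", "content": '<script>x()</script>'},
    {"id": 103, "role": "editor", "content": '<p>Nothing here</p><a href="/contact">Contact</a>'},
    {"id": 104, "role": "author", "content": '<meta http-equiv="refresh" content="0;url=https://example.test/">'},
    {"id": 105, "role": "author", "content": '<script src="https://cdn.example.test/x.js"></script>'},
]

if __name__ == "__main__":
    print("needs update:", foogallery_needs_update("3.1.11"))
    for hit in scan_posts(SAMPLE_POSTS):
        print(hit)
```

Treat hits as leads for manual review rather than proof of compromise, since legitimate embeds can also contain script tags.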
Similar Attacks
Stored XSS has repeatedly been used to spread rapidly and damage brands by abusing trusted pages and user sessions. Well-known examples include:
MySpace “Samy” worm (stored XSS that propagated automatically through user profiles) and the British Airways 2018 web skimming incident (malicious script injected into web pages to capture user data).