CVE-2023-6947
📋 TL;DR
The FooGallery WordPress plugin contains a directory traversal vulnerability that allows authenticated attackers with contributor-level access or higher to read arbitrary folders on the server. This can expose sensitive information including folder structures and potentially confidential files. All WordPress sites using FooGallery versions up to 2.4.26 are affected.
💻 Affected Systems
- FooGallery WordPress Plugin
📦 What is this software?
FooGallery by FooPlugins
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive configuration files, database credentials, or other confidential data stored on the server, potentially leading to complete system compromise.
Likely Case
Attackers with contributor access could map the server's directory structure and access files within the web root, potentially finding sensitive information like backup files or configuration data.
If Mitigated
With proper access controls and file permissions, impact is limited to directory enumeration within accessible paths, though sensitive information exposure remains possible.
🎯 Exploit Status
Exploitation requires authenticated access but is technically simple. The vulnerability is publicly documented with proof-of-concept details available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.4.27 and later
Vendor Advisory: https://github.com/fooplugins/foogallery/pull/263/commits/9989f6f4f4d478ec04cb634d09b18c87a5b31c4d
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find FooGallery and click 'Update Now'.
4. Alternatively, download version 2.4.27+ from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Restrict Contributor Access
Platform: all
Temporarily remove contributor-level access or implement additional authentication requirements for content management.
File Permission Hardening
Platform: Linux
Set strict file permissions on sensitive directories outside the web root.
chmod 750 /path/to/sensitive/directories
chown root:www-data /path/to/sensitive/directories
🧯 If You Can't Patch
- Disable the FooGallery plugin entirely until patching is possible
- Implement web application firewall rules to block directory traversal patterns
🔍 How to Verify
Check if Vulnerable:
Check the WordPress admin panel → Plugins → Installed Plugins for the FooGallery version. If the version is 2.4.26 or lower, the site is vulnerable.
Check Version:
wp plugin list --name=foogallery --field=version (if WP-CLI is installed)
Verify Fix Applied:
After updating, verify FooGallery version is 2.4.27 or higher in WordPress plugins list.
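The version check above is easy to get wrong when scripted, because comparing version strings lexicographically treats "2.4.9" as newer than "2.4.27". The following Python helper is an added example, not part of this advisory or of the FooGallery project; it takes the version string printed by the `wp plugin list --name=foogallery --field=version` command from the page and compares it numerically against the fixed version 2.4.27. The `installed_version()` wrapper that shells out to WP-CLI is an assumed convenience for hosts where WP-CLI is present.

```python
import re
import subprocess

# First fixed release according to the advisory: 2.4.27 and later are patched.
FIXED_VERSION = (2, 4, 27)


def parse_version(version: str) -> tuple:
    """Turn '2.4.26' (or '2.4.26-beta1') into a tuple of ints for numeric comparison.

    Only the leading dotted-number part is used; any suffix is ignored.
    Missing components are padded with zeros so '2.4' compares as (2, 4, 0).
    """
    core = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not core:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = tuple(int(p) for p in core.group(0).split("."))
    return parts + (0,) * (3 - len(parts))


def is_vulnerable(version: str) -> bool:
    """True when the installed FooGallery version is below the fixed 2.4.27."""
    return parse_version(version) < FIXED_VERSION


def installed_version() -> str:
    """Read the installed version via WP-CLI (assumed present on the host).

    This runs the same command the advisory gives under 'Check Version'.
    """
    out = subprocess.run(
        ["wp", "plugin", "list", "--name=foogallery", "--field=version"],
        capture_output=True, text=True, check=True,
    )
    return out.stdout.strip()


if __name__ == "__main__":
    # Demonstrate the string-comparison pitfall on constructed values.
    for v in ("2.4.9", "2.4.26", "2.4.27", "2.5.0"):
        print(f"{v:8} string<'2.4.27'={v < '2.4.27'!s:5} vulnerable={is_vulnerable(v)}")
```

Run `is_vulnerable(installed_version())` on a host with WP-CLI; anything that returns `True` still needs the update.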
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in web server logs
- Multiple requests with '../' sequences from contributor accounts
- Access to non-gallery directories from FooGallery endpoints
Network Indicators:
- HTTP requests containing directory traversal sequences to FooGallery endpoints
SIEM Query:
web_access_logs WHERE uri CONTAINS 'foogallery' AND (uri CONTAINS '../' OR uri CONTAINS '..%2F')
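The log and SIEM indicators above match on a literal `../` or `..%2F`, which misses lowercase, backslash and double-encoded variants. The Python scanner below is an added example, not part of this advisory or of the FooGallery project: it parses combined-format web server log lines, URL-decodes each request URI up to twice, and flags FooGallery-related requests that contain a traversal sequence, then lists client IPs with repeated hits (the "multiple requests" indicator). The sample log lines, the `action=foogallery_example` and `dir=` query parameters, and all addresses are constructed for the example; the advisory does not name the actual FooGallery endpoint or parameter.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Combined log format: ip ident user [ts] "METHOD URI PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# A traversal step in either direction after decoding.
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")

# Constructed sample lines (not real traffic). Endpoint and parameter names are placeholders.
SAMPLE_LOGS = [
    '10.0.0.5 - - [12/Jan/2024:10:01:02 +0000] "GET /wp-content/plugins/foogallery/assets/example.css HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - alice [12/Jan/2024:10:02:11 +0000] "GET /wp-admin/admin-ajax.php?action=foogallery_example&dir=../../../ HTTP/1.1" 200 340 "-" "Mozilla/5.0"',
    '203.0.113.7 - alice [12/Jan/2024:10:02:15 +0000] "GET /wp-admin/admin-ajax.php?action=foogallery_example&dir=..%2F..%2F..%2F HTTP/1.1" 200 340 "-" "Mozilla/5.0"',
    '198.51.100.9 - bob [12/Jan/2024:10:05:40 +0000] "GET /wp-admin/admin-ajax.php?action=foogallery_example&dir=%252e%252e%252f%252e%252e%252f HTTP/1.1" 200 298 "-" "curl/8.0"',
    '192.0.2.4 - - [12/Jan/2024:10:06:00 +0000] "GET /index.php?p=../../ HTTP/1.1" 404 120 "-" "Mozilla/5.0"',
    "this line is not in combined log format and is skipped",
]


def decode_uri(uri: str, rounds: int = 2) -> str:
    """URL-decode repeatedly (bounded) so %252e%252e%252f becomes ../ as well."""
    out = uri
    for _ in range(rounds):
        nxt = unquote(out)
        if nxt == out:
            break
        out = nxt
    return out


def is_traversal(uri: str) -> bool:
    """True when the decoded URI contains a ../ or ..\\ step."""
    return bool(TRAVERSAL_RE.search(decode_uri(uri)))


def scan_logs(lines):
    """Return one finding per FooGallery-related request carrying a traversal sequence."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the scan
        uri = m.group("uri")
        if "foogallery" in uri.lower() and is_traversal(uri):
            hits.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "uri": uri,
                "decoded": decode_uri(uri),
                "status": int(m.group("status")),
            })
    return hits


def repeat_offenders(hits, threshold: int = 2):
    """Client IPs with at least `threshold` flagged requests, most active first."""
    counts = Counter(h["ip"] for h in hits)
    return [ip for ip, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    findings = scan_logs(SAMPLE_LOGS)
    for f in findings:
        print(f"{f['ts']} {f['ip']} {f['status']} {f['decoded']}")
    print("repeat offenders:", repeat_offenders(findings))
```

Feed it real access logs with `scan_logs(open(path))`; because matching happens on the decoded URI, the SIEM rule's `'../'` and `'..%2F'` cases are covered along with their lowercase and double-encoded forms, and a 200 status on a flagged request is the one to investigate first.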