3 matches found
WordPress FancyBox for WordPress plugin < 3.3.6 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Pierre Rudloff, Marc Montpas in WordPress Plugin FancyBox for WordPress versions 3.3.6...
CVE-2025-3662
The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher Marc Montpas escalated it to an Unauthenticated Stored XSS...
CVE-2025-3662
The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher Marc Montpas escalated it to an Unauthenticated Stored XSS...