Easy Fancybox < 1.8.18 - Authenticated Stored XSS

The Easy FancyBox WordPress plugin was affected by an Authenticated Stored XSS security vulnerability...

wordpress plugin FancyBox admin-head.php physical path disclosure vulnerability

No description provided by source...

FancyBox for WordPress XSS Vulnerability

FancyBox for WordPress is prone to an XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; if...

Vulnerability analysis: WordPress image plugin Fancybox-For-WordPress vulnerability to cause the batch hung it-vulnerability warning-the black bar safety net

! Fancybox For WordPress is a great WordPress picture plugin, it can make your WordPress images pop up a nice browsing interface, showing the rich pop-up layer effect. Last week security researchers found that some Wordpress blogs suffered a batch hung it, and these blogs have in common is to...

FancyBox for WordPress 3.0.0-3.0.2 - Stored Cross-Site Scripting (XSS)

The FancyBox for WordPress WordPress plugin was affected by a Stored Cross-Site Scripting XSS security vulnerability...

CVE-2015-1494

The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting XSS attacks via an mfbfw parameter in an update action to wp-admin/admin-post.php, as demonstrated by the mfbfwpadding parameter and...

Cross site scripting

The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting XSS attacks via an mfbfw parameter in an update action to wp-admin/admin-post.php, as demonstrated by the mfbfwpadding parameter and...

CVE-2015-1494

The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting XSS attacks via an mfbfw parameter in an update action to wp-admin/admin-post.php, as demonstrated by the mfbfwpadding parameter and...

CVE-2015-1494

The CVE concerns the FancyBox for WordPress plugin (versions before 3.0.3). The vulnerability is an XSS in the mfbfw parameter of an update action to wp-admin/admin-post.php, enabling remote attackers to inject script via crafted input. Affected component: the plugin’s update handling (mfbfw[*] p...

VulnCheck KEV: CVE-2015-1494

The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting XSS attacks via an mfbfw parameter in an update action to wp-admin/admin-post.php, as demonstrated by the mfbfwpadding parameter and...

WordPress Plugin Fancybox 3.0.2 - Persistent Cross-Site Scripting

WordPress Plugin Fancybox 3.0.2 - Persistent Cross-Site Scripting Exploit Title: Wordpress plugin Fancybox-for-WordPress Stored XSS Exploit Author: NULLpOint7r Date: 2015-02-11 Contact me: [email protected] Version: 3.0.2 Download link:...

FancyBox Plugin for WordPress 'mfbfw' Parameter Persistent XSS

The version of the FancyBox plugin for WordPress installed on the remote host is affected by a persistent cross-site scripting vulnerability due to a failure properly sanitize user-supplied input to the 'mfbfw' POST parameter when the 'action' parameter is set to 'update'. A remote, unauthenticat...

WordPress FancyBox Plugin 3.0.2 - Stored XSS

FancyBox plugin is prone to a stored XSS vulnerability that allows to steal cookies or gain privileged access to the affected site. Solution Upgrade the plugin...

Wordpress plugin Fancybox-for-WordPress 3.0.2 Stored XSS Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress plugin Fancybox-for-WordPress 3.0.2 Stored XSS Exploit Author: NULLpOint7r Date: 2015-02-11 Contact me: email protected Version: 3.0.2 Download link:...

WordPress Plugin Fancybox 3.0.2 - Persistent Cross-Site Scripting

Exploit Title: Wordpress plugin Fancybox-for-WordPress Stored XSS Exploit Author: NULLpOint7r Date: 2015-02-11 Contact me: [email protected] Version: 3.0.2 Download link: https://downloads.wordpress.org/plugin/fancybox-for-wordpress.3.0.2.zip Home: http://www.sec4ever.com/home/ vulnerable...

Unspecified Vulnerability in WordPress Plugin FancyBox for WordPress

WordPress is a use of PHP language development blog platform, users can support PHP and MySQL database server set up their own weblog. An unspecified vulnerability exists in FancyBox for WordPress, which allows attackers to bypass security restrictions and perform unauthorized operations...

Zero Day in WordPress Plugin FancyBox Patched

Developers have patched a zero day vulnerability in FancyBox, a plug-in for WordPress, which allowed malware to be added via an iFrame to infected sites. Despite not having been updated in over two years, Jose Pardilla, the author of FancyBox, insisted early Thursday that he had fixed the flaw wi...

WordPress Plugin Zero-Day Vulnerability Affects Thousands of Sites

A critical zero-day vulnerability has been discovered in a popular WordPress plugin, called 'FancyBox for WordPress', which is being used by hundreds of thousands of websites running on the most popular Blogging Platform Wordpress. 0-DAY FLAW EXPLOITED IN THE WILD The security researchers at...

WordPress FancyBox Plugin Code Injection (CVE-2015-1494)

A code injection vulnerability has been reported in WordPress FancyBox Plugin. A remote attacker could inject arbitrary code into the FancyBox Plugin code via crafted parameters...

e107 Hupsi Fancybox 1.0.4 Shell Upload

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...