121 matches found
CVE-2025-26591 WordPress WP fancybox plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam WP fancybox wp-fancybox allows Stored XSS.This issue affects WP fancybox: from n/a through = 1.0.3...
PT-2025-27873 · WordPress · Wp Fancybox
Name of the Vulnerable Software and Affected Versions: Noor Alam WP fancybox versions 1.0.0 through 1.0.4 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This enables attackers to inject malicious...
WordPress plugin WP fancybox 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
WordPress FancyBox plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress FancyBox plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, whi...
CVE-2025-3662
The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher Marc Montpas escalated it to an Unauthenticated Stored XSS...
CVE-2025-3662
The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher Marc Montpas escalated it to an Unauthenticated Stored XSS...
CVE-2025-3662 FancyBox for WordPress < 3.3.6 - Unauthenticated Stored XSS
The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher Marc Montpas escalated it to an Unauthenticated Stored XSS...
CVE-2025-3662 FancyBox for WordPress < 3.3.6 - Unauthenticated Stored XSS
The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher Marc Montpas escalated it to an Unauthenticated Stored XSS...
CVE-2025-3662
The CVE-2025-3662 entry concerns the WordPress FancyBox plugin (versions before 3.3.6). The root cause is that captions and titles attributes are not escaped before being used to populate galleries’ caption fields, enabling an Unauthenticated Stored XSS exploit. Affected product: FancyBox for Wor...
PT-2025-23587 · WordPress · Fancybox
Name of the Vulnerable Software and Affected Versions: FancyBox for WordPress versions prior to 3.3.6 Description: The issue is related to the FancyBox plugin for WordPress not escaping captions and titles attributes before using them to populate galleries' caption fields. This was initially...
WordPress plugin FancyBox 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress FancyBox plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, whi...
CVE-2024-5020
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library versions 1.3.4 to 3.5.7 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-5465
The Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2024-9416
The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library versions = 5.0.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-9416
The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library versions = 5.0.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-9416
The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library versions = 5.0.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-9416 Modula Image Gallery <= 2.10.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox 5 JavaScript Library
The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library versions = 5.0.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-9416
The CVE-2024-9416 entry maps to Modula Image Gallery (WordPress) and is a Stored DOM-based Cross-Site Scripting vulnerability via the plugin’s bundled FancyBox JavaScript library (versions up to 5.x). Root cause: insufficient input sanitization and output escaping on user-supplied attributes, ena...
PT-2025-14609 · Fancybox +1 · Fancybox +1
Name of the Vulnerable Software and Affected Versions: Modula Image Gallery plugin for WordPress versions prior to 5.0.36 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the bundled FancyBox JavaScript library. This allows...
CVE-2025-28935
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in puzich Fancybox Plus fancybox-plus allows Reflected XSS.This issue affects Fancybox Plus: from n/a through = 1.0.1...