CVE-2025-28935

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in puzich Fancybox Plus fancybox-plus allows Reflected XSS.This issue affects Fancybox Plus: from n/a through = 1.0.1...

CVE-2025-28935

CVE-2025-28935 is a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin FancyBox Plus up to version 1.0.1 . The issue is described as an improper neutralization of input during web page generation, enabling reflected XSS attempts. The connected documents provide the same de...

CVE-2025-28935 WordPress Fancybox Plus plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in puzich Fancybox Plus fancybox-plus allows Reflected XSS.This issue affects Fancybox Plus: from n/a through = 1.0.1...

WordPress plugin Fancybox Plus 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site...

WordPress Fancybox Plus plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by johska in WordPress Plugin Fancybox Plus versions = 1.0.1...

CVE-2025-23594

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Uzzal Mondal Google Map With Fancybox location-piker allows Reflected XSS.This issue affects Google Map With Fancybox: from n/a through = 2.1.0...

CVE-2024-54401

Cross-Site Request Forgery CSRF vulnerability in Ciprian Turcu Advanced Fancybox advanced-fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through = 1.1.1...

CVE-2025-23594

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Uzzal Mondal Google Map With Fancybox location-piker allows Reflected XSS.This issue affects Google Map With Fancybox: from n/a through = 2.1.0...

CVE-2025-23594

CVE-2025-23594 is a reflected XSS in WordPress Google Map With Fancybox plugin (versions up to and including 2.1.0) caused by improper neutralization of inputs during web page generation. Public sources (NVD/Red Hat/CVE records) confirm the issue affects Google Map With Fancybox

CVE-2025-23594 WordPress Google Map With Fancybox plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Uzzal Mondal Google Map With Fancybox location-piker allows Reflected XSS.This issue affects Google Map With Fancybox: from n/a through = 2.1.0...

WordPress plugin Google Map With Fancybox 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

PT-2025-4961 · Unknown · Google Map With Fancybox

Name of the Vulnerable Software and Affected Versions: Google Map With Fancybox versions prior to 2.1.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for Cross-site Scripting XSS. Specifically, it enables Reflected XSS...

WordPress Google Map With Fancybox plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Google Map With Fancybox versions = 2.1.0...

CVE-2024-54401

Cross-Site Request Forgery CSRF vulnerability in Ciprian Turcu Advanced Fancybox advanced-fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through = 1.1.1...

CVE-2024-54401 WordPress Advanced Fancybox plugin <= 1.1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Ciprian Turcu Advanced Fancybox advanced-fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through = 1.1.1...

CVE-2024-54401

CVE-2024-54401 (Advanced Fancybox) is a Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in the Advanced Fancybox plugin. The vulnerability affects versions up to 1.1.1. The connected Red Hat/ENISA/Wordfence sources corroborate the CSRF-to-XSS pattern for this plugin...

CVE-2024-54401 WordPress Advanced Fancybox plugin <= 1.1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Ciprian Turcu Advanced Fancybox advanced-fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through = 1.1.1...

PT-2024-36288 · Unknown · Advanced Fancybox

Name of the Vulnerable Software and Affected Versions: Advanced Fancybox versions 1.1.1 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web applicatio...

WordPress plugin Advanced Fancybox 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

WordPress Advanced Fancybox plugin <= 1.1.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Advanced Fancybox versions = 1.1.1...