121 matches found
CVE-2024-5020
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library versions 1.3.4 to 3.5.7 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-5020 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library versions 1.3.4 to 3.5.7 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-5020 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library versions 1.3.4 to 3.5.7 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2024-34034 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: WordPress plugins versions 1.3.4 through 3.5.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library due to insufficient input sanitization and output escaping on user-supplied...
WordPress Easy Social Feed Premium plugin <= 6.6.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Easy Social Feed Premium versions = 6.6.2...
WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.3.9 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Visual Portfolio, Photo Gallery & Post Grid versions = 3.3.9...
WordPress NextGEN Gallery plugin <= 3.59.4 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin NextGEN Gallery versions = 3.59.4...
WordPress Getwid – Gutenberg Blocks plugin <= 2.0.11 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Getwid versions = 2.0.11...
WordPress FancyBox for WordPress plugin <= 3.3.4 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin FancyBox for WordPress versions = 3.3.4...
WordPress Colibri Page Builder plugin <= 1.0.286 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Colibri Page Builder versions = 1.0.286...
WordPress Form Maker by 10Web plugin <= 1.15.27 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Form Maker by 10Web versions = 1.15.27...
WordPress Carousel, Slider, Gallery by WP Carousel plugin <= 2.6.8 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Carousel, Slider, Gallery by WP Carousel versions = 2.6.8...
WordPress Firelight Lightbox plugin <= 2.3.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Firelight Lightbox versions = 2.3.3...
WordPress Responsive Lightbox plugin <= 2.4.8 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Responsive Lightbox versions = 2.4.8...
WordPress FV Flowplayer Video Player plugin <= 7.5.47.7212 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin FV Flowplayer Video Player versions = 7.5.47.7212...
WordPress Envira Photo Gallery plugin <= 1.8.15 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Envira Photo Gallery versions = 1.8.15...
WordPress Accordion Slider plugin <= 1.9.12 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Accordion Slider versions = 1.9.12...
WordPress WPC Smart Quick View for WooCommerce plugin <= 4.1.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin WPC Smart Quick View for WooCommerce versions = 4.1.1...
CVE-2024-0662
The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above...
PT-2024-15728 · WordPress · Fancybox
Name of the Vulnerable Software and Affected Versions: FancyBox for WordPress versions 3.0.2 through 3.3.3 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with...