2 matches found
CVE-2015-1494
The CVE concerns the FancyBox for WordPress plugin (versions before 3.0.3). The vulnerability is an XSS in the mfbfw parameter of an update action to wp-admin/admin-post.php, enabling remote attackers to inject script via crafted input. Affected component: the plugin’s update handling (mfbfw[*] p...
WordPress FancyBox Plugin Code Injection (CVE-2015-1494)
A code injection vulnerability has been reported in WordPress FancyBox Plugin. A remote attacker could inject arbitrary code into the FancyBox Plugin code via crafted parameters...