2 matches found
CVE-2019-16524
The easy-fancybox plugin before 1.8.18 for WordPress aka Easy FancyBox is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter...
CVE-2019-16524
The CVE describes a Stored XSS in the WordPress Easy FancyBox plugin prior to version 1.8.18. Affected component: the plugin’s Settings Menu (inc/class-easyfancybox.php). Root cause: improper encoding of arbitrarily submitted settings parameters and absence of an inline styles output filter, enab...