
6 matches found

RedhatCVE
added 2026/01/07 9:31 a.m. | 4 views

CVE-2019-16524

The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter...

4.8 CVSS | 5.9 AI score | 0.0026 EPSS
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-16698

Malicious code in bioql PyPI...

6.1 CVSS | 7 AI score | 0.00225 EPSS
Exploits: 1 | References: 2

OSV
added 2025/06/03 6:15 a.m. | 1 views

CVE-2025-3662

The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS; however, one of our researchers, Marc Montpas, escalated it to an Unauthenticated Stored XSS...

6.1 CVSS | 7.3 AI score | 0.00225 EPSS
Exploits: 1 | References: 1

Cvelist
added 2025/06/03 6:0 a.m. | 10 views

CVE-2025-3662 FancyBox for WordPress < 3.3.6 - Unauthenticated Stored XSS

The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS; however, one of our researchers, Marc Montpas, escalated it to an Unauthenticated Stored XSS...

0.00225 EPSS
Exploits: 1 | References: 1

WPVulnDB
added 2015/02/22 12:0 a.m. | 11 views

FancyBox for WordPress 3.0.0-3.0.2 - Stored Cross-Site Scripting (XSS)

The FancyBox for WordPress plugin was affected by a Stored Cross-Site Scripting (XSS) security vulnerability...

4.3 CVSS | 1.5 AI score | 0.04563 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

VulnCheck KEV
added 2015/02/17 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2015-1494

The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw parameter in an update action to wp-admin/admin-post.php, as demonstrated by the mfbfwpadding parameter and...

4.3 CVSS | 5.7 AI score | 0.04563 EPSS
Exploits: 1 | References: 1