CVE-2025-22728

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech Workreap theme's plugin workreap allows SQL Injection.This issue affects Workreap theme's plugin: from n/a through = 3.3.6...

CVE-2025-3662 FancyBox for WordPress < 3.3.6 - Unauthenticated Stored XSS

The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher Marc Montpas escalated it to an Unauthenticated Stored XSS...