CVE-2025-3662
FancyBox for WordPress < 3.3.6 - Unauthenticated Stored XSS
The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher (Marc Montpas) escalated it to an Unauthenticated Stored XSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Produtos afetados
Unknown · FancyBox for WordPressQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →