exploitDog

CVE-2025-3662

Опубликовано: 03 июн. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher (Marc Montpas) escalated it to an Unauthenticated Stored XSS

Ссылки

https://wpscan.com/vulnerability/4cda12f0-3c23-44ad-80ea-db2443ebcf82/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/4cda12f0-3c23-44ad-80ea-db2443ebcf82/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:colorlib:fancybox:*:*:*:*:*:wordpress:*:*

Версия до 3.3.6 (исключая)

EPSS

Процентиль: 10%

0.00034

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-3q79-wmhj-39pr

CVSS3: 6.1

github

8 месяцев назад

The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher (Marc Montpas) escalated it to an Unauthenticated Stored XSS

EPSS

Процентиль: 10%

0.00034

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79