Vulnerability Details CVE-2019-16524
The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.2%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190911-01_Easy_FancyBox_WP_Plugin_Stored_XSS
- https://wordpress.org/plugins/easy-fancybox/#developers
- https://wpvulndb.com/vulnerabilities/9891
- https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190911-01_Easy_FancyBox_WP_Plugin_Stored_XSS
- https://wordpress.org/plugins/easy-fancybox/#developers
- https://wpvulndb.com/vulnerabilities/9891
Products affected by CVE-2019-16524
-
cpe:2.3:a:status301:easy_fancybox:-
-
cpe:2.3:a:status301:easy_fancybox:1.3.1
-
cpe:2.3:a:status301:easy_fancybox:1.3.1.1
-
cpe:2.3:a:status301:easy_fancybox:1.3.1.2
-
cpe:2.3:a:status301:easy_fancybox:1.3.1.3
-
cpe:2.3:a:status301:easy_fancybox:1.3.2
-
cpe:2.3:a:status301:easy_fancybox:1.3.3.4
-
cpe:2.3:a:status301:easy_fancybox:1.3.3.4.2
-
cpe:2.3:a:status301:easy_fancybox:1.3.4.5
-
cpe:2.3:a:status301:easy_fancybox:1.3.4.6
-
cpe:2.3:a:status301:easy_fancybox:1.3.4.8
-
cpe:2.3:a:status301:easy_fancybox:1.3.4.9
-
cpe:2.3:a:status301:easy_fancybox:1.5.0
-
cpe:2.3:a:status301:easy_fancybox:1.5.1
-
cpe:2.3:a:status301:easy_fancybox:1.5.2
-
cpe:2.3:a:status301:easy_fancybox:1.5.5
-
cpe:2.3:a:status301:easy_fancybox:1.5.6
-
cpe:2.3:a:status301:easy_fancybox:1.5.7
-
cpe:2.3:a:status301:easy_fancybox:1.5.8
-
cpe:2.3:a:status301:easy_fancybox:1.5.8.2
-
cpe:2.3:a:status301:easy_fancybox:1.6
-
cpe:2.3:a:status301:easy_fancybox:1.6.1
-
cpe:2.3:a:status301:easy_fancybox:1.6.2
-
cpe:2.3:a:status301:easy_fancybox:1.6.3
-
cpe:2.3:a:status301:easy_fancybox:1.7
-
cpe:2.3:a:status301:easy_fancybox:1.8
-
cpe:2.3:a:status301:easy_fancybox:1.8.10
-
cpe:2.3:a:status301:easy_fancybox:1.8.11
-
cpe:2.3:a:status301:easy_fancybox:1.8.13
-
cpe:2.3:a:status301:easy_fancybox:1.8.15
-
cpe:2.3:a:status301:easy_fancybox:1.8.16
-
cpe:2.3:a:status301:easy_fancybox:1.8.17
-
cpe:2.3:a:status301:easy_fancybox:1.8.2
-
cpe:2.3:a:status301:easy_fancybox:1.8.3
-
cpe:2.3:a:status301:easy_fancybox:1.8.4
-
cpe:2.3:a:status301:easy_fancybox:1.8.5
-
cpe:2.3:a:status301:easy_fancybox:1.8.6
-
cpe:2.3:a:status301:easy_fancybox:1.8.7
-
cpe:2.3:a:status301:easy_fancybox:1.8.9