Colorlib: >> Fancybox >> 3.3.3 Security Vulnerabilities
The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher (Marc Montpas) escalated it to an Unauthenticated Stored XSS
CVSS Score
6.1
EPSS Score
0.0
Published
2025-06-03