mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-31 10:09:29 +02:00
0xMarcio
847 B
847 B
CVE-2025-3662
&color=brightgreen)
Description
The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher (Marc Montpas) escalated it to an Unauthenticated Stored XSS
POC
Reference
Github
No PoCs found on GitHub currently.