Low severity3.5NVD Advisory· Published Sep 12, 2025· Updated Jun 17, 2026
CVE-2025-3650
CVE-2025-3650
Description
The jQuery Colorbox WordPress plugin through 4.6.3 uses the colorbox library, which does not sanitize title attributes on links before using them, allowing users with at least the contributor role to conduct XSS attacks against administrators.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=4.6.3
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.