VYPR
Low severity3.5NVD Advisory· Published Sep 12, 2025· Updated Jun 17, 2026

CVE-2025-3650

CVE-2025-3650

Description

The jQuery Colorbox WordPress plugin through 4.6.3 uses the colorbox library, which does not sanitize title attributes on links before using them, allowing users with at least the contributor role to conduct XSS attacks against administrators.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.