Medium severity6.1NVD Advisory· Published Jun 3, 2025· Updated Jun 17, 2026
CVE-2025-3662
CVE-2025-3662
Description
The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher (Marc Montpas) escalated it to an Unauthenticated Stored XSS
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/4cda12f0-3c23-44ad-80ea-db2443ebcf82/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.