VYPR

Easy Fancybox

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-52707MedJun 20, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firelight Firelight Lightbox easy-fancybox allows Stored XSS.This issue affects Firelight Lightbox: from n/a through <= 2.3.16.

  • CVE-2024-50460MedOct 28, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firelight Firelight Lightbox easy-fancybox allows Stored XSS.This issue affects Firelight Lightbox: from n/a through <= 2.3.3.

  • CVE-2024-5020MedDec 4, 2024
    risk 0.35cvss 6.4epss 0.00

    Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2019-16524MedSep 26, 2019
    risk 0.31cvss 4.8epss 0.01

    The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output…