Floragasse 7 – 5th floor, 1040 Vienna


Security Advisory: Easy FancyBox WordPress Plugin Stored Cross-site Scripting (CVE-2019-16524)

The Easy FancyBox WordPress Plugin Version 1.8.17 is susceptible to Stored cross-site Scripting in the Settings > Media admin page due to improper encoding of arbitrarily submitted setting parameters. The vulnerability affects every publicly accessible page of the WordPress site.

Full security advisory: https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190911-01_Easy_FancyBox_WP_Plugin_Stored_XSS

This Website uses Cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.