WordPress Plugin Vulnerabilities

FancyBox for WordPress 3.0.0-3.0.2 - Stored Cross-Site Scripting (XSS)

Description

The FancyBox for WordPress WordPress plugin was affected by a Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
fancybox-for-wordpress
Fixed in 3.0.4

References

CVE
CVE-2015-1494
Exploitdb
36087
URL
https://blog.sucuri.net/2015/02/zero-day-in-the-fancybox-for-wordpress-plugin.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
8973259c-bcc8-48f6-aa3b-8f40ad999740

Timeline

Publicly Published
2015-02-22 (about 11 years ago)
Added
2015-02-04 (about 11 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2022-08-01
Title
Multiple Plugins from Puvox.software - Reflected Cross-Site Scripting
Published
2025-12-17
Title
ModelTheme Addons for WPBakery and Elementor < 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-02-02
Title
Easy Digital Downloads < 3.2.7 - Shop Manager+ Stored XSS
Published
2025-12-25
Title
Content Grid Slider <= 1.5 - Reflected Cross-Site Scripting
Published
2025-02-11
Title
Simple Google Calendar Outlook Events Block Widget < 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting