WordPress Plugin Vulnerabilities

Easy Fancybox < 1.8.18 - Authenticated Stored XSS

Description

The Easy FancyBox WordPress plugin was affected by an Authenticated Stored XSS security vulnerability.

Affects Plugins

Plugin icon
easy-fancybox
Fixed in 1.8.18

References

CVE
CVE-2019-16524
URL
https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190911-01_Easy_FancyBox_WP_Plugin_Stored_XSS

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
Jakob Hagl
Verified
No
WPVDB ID
b412d6e3-e617-4ec2-84fc-103e75cb3d38

Timeline

Publicly Published
2019-09-25 (about 6 years ago)
Added
2019-09-27 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-02-16
Title
Easy Gallery <= 1.4 - Reflected Cross-Site Scripting
Published
2024-04-04
Title
Happy Addons for Elementor < 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title HTML Tag
Published
2025-09-05
Title
Elementor Element Condition <= 1.0.5 - Authenticated (Editor+) Stored Cross-Site Scripting
Published
2024-02-12
Title
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.9 - Contributor+ Stored Cross-Site Scripting via Accordion
Published
2024-03-15
Title
User profile < 2.0.21 - Authenticated (Subscriber+) Stored Cross-Site Scripting