CVE-2025-3662 – FancyBox for WordPress Unauthenticated Stored XSS

June 3, 2025

CVE ID : CVE-2025-3662

Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago

Description : The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries’ caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher (Marc Montpas) escalated it to an Unauthenticated Stored XSS

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3584 – WordPress Newsletter Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-4567 – WordPress Post Slider Cross-Site Scripting Vulnerability

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

In MCP era API discoverability is now more important than ever

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Reddit wants to sue Anthropic for stealing its data, but the Claude AI manufacturers vow to “defend ourselves vigorously”

Satya Nadella says Microsoft makes money every time you use ChatGPT: “Every day that ChatGPT succeeds is a fantastic day”

Multiple reports suggest a Persona 4 Remake from Atlus will be announced during the Xbox Games Showcase

TC39 advances numerous proposals at latest meeting

TC39 advances numerous proposals at latest meeting

TypeBridge – zero ceremony, compile time rpc for client and server com

Simplify Cloud-Native Development with Quarkus Extensions

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Reddit wants to sue Anthropic for stealing its data, but the Claude AI manufacturers vow to “defend ourselves vigorously”

Satya Nadella says Microsoft makes money every time you use ChatGPT: “Every day that ChatGPT succeeds is a fantastic day”

CVE-2025-3662 – FancyBox for WordPress Unauthenticated Stored XSS

Leadership, Trust, and Cyber Hygiene: NCSC’s Guide to Security Culture in Action

CVE-2025-4318 Critical RCE in AWS Amplify Codegen UI

How Can Designers Balance the Need for Minimalism With the Demand for Comprehensive Functionality?

Why I Created Designarchy: A Collection of Creative Inspiration

New CISA-Microsoft Guide Enables Organizations to Leverage Expanded Cloud Logs for Threat Detection

Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites

The Value of Clear Requirements: How to Choose the Right Vendor for Your Software Project

Google begins rolling out voice capabilities in Gemini with Gemini Live

CrowPi 3: An All-in-one AI Learning Kit With Cyberdeck Feel

CVE-2025-4325 – MRCMS Cross-Site Scripting Vulnerability

CVE-2025-3662 – FancyBox for WordPress Unauthenticated Stored XSS

Related Posts