The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-09-26T15:45:33
Updated: 2024-08-05T01:17:40.246Z
Reserved: 2019-09-19T00:00:00
Link: CVE-2019-16524
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-09-26T16:15:11.347
Modified: 2024-11-21T04:30:45.773
Link: CVE-2019-16524
Redhat
No data.