{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3650", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2025-04-15T15:37:19.392Z", "datePublished": "2025-09-12T06:00:03.695Z", "dateUpdated": "2025-09-12T06:00:03.695Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2025-09-12T06:00:03.695Z"}, "title": "jQuery Colorbox <= 4.6.3 - Contributor+ Stored XSS", "problemTypes": [{"descriptions": [{"description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "jQuery Colorbox", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThanOrEqual": "4.6.3"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "The jQuery Colorbox WordPress plugin through 4.6.3 uses the colorbox library, which does not sanitize title attributes on links before using them, allowing users with at least the contributor role to conduct XSS attacks against administrators."}], "references": [{"url": "https://wpscan.com/vulnerability/5afdd448-0f7e-409e-a47b-8e5c5b707639/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Pierre Rudloff", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The jQuery Colorbox WordPress plugin through 4.6.3 uses the colorbox library, which does not sanitize title attributes on links before using them, allowing users with at least the contributor role to conduct XSS attacks against administrators."}], "id": "CVE-2025-3650", "lastModified": "2025-09-12T06:15:42.587", "metrics": {}, "published": "2025-09-12T06:15:42.587", "references": [{"source": "contact@wpscan.com", "url": "https://wpscan.com/vulnerability/5afdd448-0f7e-409e-a47b-8e5c5b707639/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Received"}

{}

{}