FancyBox for WordPress XSS Vulnerability CVE-2015-1494

Severity: Not available
CVSSv3 Score: Not available

Vulnerability description

FancyBox for WordPress is prone to an XSS vulnerability.

Risk description

The FancyBox for WordPress plugin before 3.0.3 does not properly restrict access, which allows remote attackers to conduct XSS attacks via the mfbfw parameter in an update action to wp-admin/admin-post.php. Remote attackers may be able to inject arbitrary web script or HTML.

Recommendation

Upgrade to FancyBox for WordPress 3.0.3 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Feb 17, 2015
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available