cleantalk
Vulnerabilities and Security Researches

Easy FancyBox – WordPress Lightbox Plugin, CVE-2019-16524

CVE, Research URL

CVE-2019-16524

Home page URL

Security reports for Easy FancyBox – WordPress Lightbox Plugin

Application

Easy FancyBox – WordPress Lightbox Plugin

Published on
Sep 26, 2019
Research Description
The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter.
Affected versions
Min -, max 1.8.18.
Status
vulnerable
Previous vulnerability researches
Easy FancyBox – WordPress Lightbox Plugin (CVE-2024-5020) , Dec 06, 2024
Easy FancyBox – WordPress Lightbox Plugin , Jul 24, 2024
Easy FancyBox – WordPress Lightbox Plugin (CVE-2024-50460) , Oct 27, 2024
Easy FancyBox – WordPress Lightbox Plugin (CVE-2019-16524) , Jun 06, 2024
Easy FancyBox – WordPress Lightbox Plugin (CVE-2025-3597) , May 14, 2025
New vulnerability
Lead Form Data Collection to CRM (CVE-2025-47690) , May 14, 2025
WordPress Portfolio Builder – Portfolio Gallery (CVE-2025-1757) , May 14, 2025
LiteSpeed Cache (CVE-2025-47437) , May 14, 2025
Frontend Dashboard (CVE-2025-4474) , May 14, 2025
Frontend Dashboard (CVE-2025-4473) , May 14, 2025