cleantalk
Vulnerabilities and Security Researches

Auto Thickbox, 3ec8c103834f70650b61fa3cc46bc2b4a3c7abbf

CVE, Research URL

3ec8c103834f70650b61fa3cc46bc2b4a3c7abbf

Home page URL

Security reports for Auto Thickbox

Application

Auto Thickbox

Published on
-
Research Description
Auto Thickbox [auto-thickbox] <= 3.5 (unfixed) Multiple Plugins &lt;= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin&#039;s bundled ThickBox JavaScript library (version 3.1) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 3.5.
Status
vulnerable
Previous vulnerability researches
Address Autocomplete via Google for Gravity Forms (CVE-2025-53263) , Jul 03, 2025
New vulnerability
Radio Station by netmix® &#8211; Manage and play your Show Schedule in WordPress! (CVE-2025-53568) , Jul 05, 2025
RD Contacto (CVE-2025-5933) , Jul 05, 2025
AiBud WP &#8211; ChatGPT, OpenAI, Content &amp; Image Generator WordPress plugin (CVE-2025-23968) , Jul 05, 2025
WP Permalink Translator (CVE-2025-53274) , Jul 05, 2025
Soumettre.fr (CVE-2025-4654) , Jul 05, 2025