WordPress ARI Fancy Lightbox plugin cross-site scripting vulnerability

2022-03-1600:00:00

China National Vulnerability Database

www.cnvd.org.cn

wordpress

ari fancy lightbox

cross-site scripting

vulnerability

php

admin page

attackers

reflection

EPSS

0.001

Percentile

30.0%

JSON

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. cross-site scripting vulnerability exists in versions of the WordPress ARI Fancy Lightbox plugin prior to 1.3.9, which stems from a vulnerability in the ARI Fancy Lightbox plugin fails to clean and escape msg parameters before exporting them to the admin page, which can be exploited by attackers to cause reflected cross-site scripting.

EPSS

0.001

Percentile

30.0%

JSON

Related for CNVD-2023-04623