Every CVE whose affected-product data names Colorlib Fancybox, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2025-3662 — CVSS 6.1 (medium): The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries'…
CVE-2024-0662 — CVSS 4.4 (medium): The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3…
CVE-2015-1494 — CVSS 4.3 (medium): The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct…