CVE-2019-16524

Name of the Vulnerable Software and Affected Versions Easy FancyBox versions prior to 1.8.18

Description The issue arises from improper encoding of arbitrarily submitted settings parameters in the Settings Menu, specifically in the inc/class-easyfancybox.php file. This leads to Stored XSS due to the lack of an inline styles output filter.

Recommendations For versions prior to 1.8.18, update to version 1.8.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings menu to minimize the risk of exploitation.