CVE-2025-26591

Name of the Vulnerable Software and Affected Versions: Noor Alam WP fancybox versions 1.0.0 through 1.0.4

Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This enables attackers to inject malicious scripts into the website, potentially affecting user sessions.

Recommendations: For versions 1.0.0 through 1.0.4, update to a version later than 1.0.4 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.