PT-2025-37291 · WordPress+1 · Jquery Colorbox+1
Pierre Rudloff · Published 2025-09-12 · Updated 2025-09-12
CVE-2025-3650
CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
jQuery Colorbox WordPress plugin versions through 4.6.3
Description:
The jQuery Colorbox WordPress plugin utilizes the colorbox library, which lacks proper sanitization of title attributes on links. This allows users with contributor-level permissions to execute Cross-Site Scripting (XSS) attacks against administrators.
Recommendations:
Update to a version beyond 4.6.3.
Affected Products
Colorbox
Jquery Colorbox