Security Advisory

CVE-2025-3650

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-12 06:00:03

Last updated 2025-09-12 16:29:28

Assigner WPScan

State PUBLISHED

Description

The jQuery Colorbox WordPress plugin through 4.6.3 uses the colorbox library, which does not sanitize title attributes on links before using them, allowing users with at least the contributor role to conduct XSS attacks against administrators.

← Browse all CVEs View on cve.org ↗