[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f3wHCcvGJWJM85kWFZM86KPQEBLFUM5jDyi_9waNfRG0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":53,"analysis":146,"fingerprints":183},"fancy-box","FancyBox","1.1.0","Kevin Sylvestre","https:\u002F\u002Fprofiles.wordpress.org\u002Fkevinsylvestre\u002F","\u003Cp>This plugin uses the jquery implementation of fancybox and makes use of [attr] style selectors by adding a section to the wordpress header.\u003C\u002Fp>\n\u003Cp>For more information and examples of slimbox visit:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Ffancy.klade.lv\u002F\" rel=\"nofollow ugc\">FancyBox\u003C\u002Fa>\u003C\u002Fp>\n","Enables fancybox on all image links including BMP, GIF, JPG, JPEG, and PNG links.",4000,286229,56,9,"2017-11-28T10:30:00.000Z","3.5.2","2.7","",[20,21,22,23],"fancybox","images","javascript","lightbox","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ffancy-box\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffancy-box.zip",64,1,"2025-03-21 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-28935","fancybox-reflected-cross-site-scripting","FancyBox \u003C= 1.0.1 - Reflected Cross-Site Scripting","The FancyBox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.0.1","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-03-25 19:34:51",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb249d628-a6aa-4fc6-b1f7-91b674054fc8?source=api-prod",{"slug":46,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":49,"avg_patch_time_days":50,"trust_score":51,"computed_at":52},"kevinsylvestre",2,4700,75,30,77,"2026-04-04T02:40:18.544Z",[54,78,98,116,130],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":72,"download_link":73,"security_score":74,"vuln_count":75,"unpatched_count":76,"last_vuln_date":77,"fetched_at":29},"fancybox-for-wordpress","FancyBox for WordPress","3.3.7","colorlibplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fcolorlibplugins\u002F","\u003Cp>Seamlessly integrates FancyBox into your blog: Upload, activate, and you’re done. Additional configuration optional.\u003C\u002Fp>\n\u003Cp>You can easily customize almost anything you can think about fancybox lightbox: the border, margin width and color, zoom speed, animation type, close button position, overlay color and opacity and even more advanced option like several options to group images into galleries, and more…\u003C\u002Fp>\n\u003Cp>By default, the plugin will use jQuery to apply FancyBox to ANY thumbnails that link directly to an image. This includes posts, the sidebar, etc, so you can activate it and it will be applied automatically.\u003C\u002Fp>\n\u003Ch4>Further Reading\u003C\u002Fh4>\n\u003Cp>This plugin is developed and maintained by Colorlib. Which is well know for their free \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fthemes\u002F\" rel=\"nofollow ugc\">\u003C\u002Fa>WordPress themes. However, now they are looking to extend their presence in plugin development and believe that FancyBox lightbox is a great way to start.\u003C\u002Fp>\n\u003Cp>If you are new to WordPress and want to lear more we have got you covered. Colorlib will teach you have to \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002F\" rel=\"nofollow ugc\">start a blog\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fhow-to-make-a-website\u002F\" rel=\"nofollow ugc\">create a website\u003C\u002Fa> and much more. If you are already familiar with WordPress you likely want to learn how to make it faster and more reliable. That’s when you want to look into hosting and more specifically \u003Ca href=\"http:\u002F\u002Fcolorlib.com\u002Fwp\u002Fwordpress-hosting\" rel=\"nofollow ugc\">WordPress hosting\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If you enjoy using FancyBox lightbox for WordPress please leave a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ffancybox-for-wordpress\u002Freviews\u002F?filter=5\" rel=\"ugc\">positive feedback\u003C\u002Fa>. We are committed to make it the best lightbox plugin for WordPress.\u003C\u002Fp>\n","Seamlessly integrates FancyBox lightbox into your WordPress blog: Upload, activate, and you're done. Additional configuration optional.",40000,1940597,92,"2025-05-07T14:18:00.000Z","6.8.5","5.6","7.4",[20,21,23,70,71],"photos","pictures","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffancybox-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffancybox-for-wordpress.3.3.7.zip",96,3,0,"2025-05-13 00:00:00",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":18,"tags":93,"homepage":18,"download_link":96,"security_score":97,"vuln_count":76,"unpatched_count":76,"last_vuln_date":36,"fetched_at":29},"photo-swipe","PhotoSwipe","4.1.1.1","Louy Alakkad","https:\u002F\u002Fprofiles.wordpress.org\u002Flouyx\u002F","\u003Cp>This plugins adds the PhotoSwipe library to your WordPress blog seamlessly. No configuration required.\u003C\u002Fp>\n","A very light implementation of PhotoSwipe javascript plugin for WordPress",1000,31166,90,11,"2016-03-17T14:51:00.000Z","4.4.0","4.0",[94,20,95,21,23],"attachments","gallery","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphoto-swipe.4.1.1.1.zip",85,{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":86,"downloaded":106,"rating":107,"num_ratings":108,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":18,"tags":112,"homepage":114,"download_link":115,"security_score":97,"vuln_count":76,"unpatched_count":76,"last_vuln_date":36,"fetched_at":29},"shutter-reloaded","Shutter Reloaded","2.5","Andrew Ozz","https:\u002F\u002Fprofiles.wordpress.org\u002Fazaozz\u002F","\u003Cp>Shutter Reloaded is an image viewer for your website that works similarly to Lightbox, Thickbox, etc. but is under 10KB in size and does not require any external libraries. It has many features: resizing large images if the window is too small to display them with option to show the full size image, combining images in sets, redrawing the window after resizing, pre-loading of neighbour images for faster display and very good browser compatibility.\u003C\u002Fp>\n\u003Cp>This plugin offers customization of the colour and opacity settings for the background and colour for the caption text, buttons text and the menu background.\u003C\u002Fp>\n\u003Cp>There are options to enable it for all links pointing to an image on your site (with option to exclude some pages), or just on selected pages. It can be enabled only for image links with CSS class=”shutter” with option to create a single set or multiple sets for each page.\u003C\u002Fp>\n\u003Cp>The plugin can also “auto-make” image sets for each Post, so when several posts are displayed on the “Home” page, links to images on each post will be in a separate set. See the built-in help for more information.\u003C\u002Fp>\n","Darkens the current page and displays an image (like Lightbox, Thickbox, etc.), but is a lot smaller (10KB) and faster.",143835,86,6,"2017-11-28T20:22:00.000Z","3.4.2","3.0",[21,22,23,113],"viewer","http:\u002F\u002Fwww.laptoptips.ca\u002Fprojects\u002Fwp-shutter-reloaded\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshutter-reloaded.2.5.zip",{"slug":117,"name":118,"version":119,"author":7,"author_profile":8,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":124,"num_ratings":27,"last_updated":125,"tested_up_to":126,"requires_at_least":17,"requires_php":18,"tags":127,"homepage":128,"download_link":129,"security_score":97,"vuln_count":76,"unpatched_count":76,"last_vuln_date":36,"fetched_at":29},"slimbox","Slimbox","1.0.8","\u003Cp>This plugin uses the jquery implementation of slimbox and makes use of [attr] style selectors by adding a section to the wordpress header.\u003C\u002Fp>\n\u003Cp>For more information and examples of slimbox visit:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.digitalia.be\u002Fsoftware\u002Fslimbox2\" rel=\"nofollow ugc\">Slimbox\u003C\u002Fa>\u003C\u002Fp>\n","Enables slimbox 2.03 on all image links including BMP, GIF, JPG, JPEG, and PNG links.",700,56690,100,"2016-10-17T19:17:00.000Z","4.6.30",[21,22,23,117],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fslimbox\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fslimbox.zip",{"slug":131,"name":132,"version":133,"author":134,"author_profile":135,"description":136,"short_description":137,"active_installs":138,"downloaded":139,"rating":124,"num_ratings":27,"last_updated":140,"tested_up_to":141,"requires_at_least":142,"requires_php":18,"tags":143,"homepage":144,"download_link":145,"security_score":97,"vuln_count":76,"unpatched_count":76,"last_vuln_date":36,"fetched_at":29},"slimbox-plugin","Slimbox Plugin","1.3","peppolone","https:\u002F\u002Fprofiles.wordpress.org\u002Fpeppolone\u002F","\u003Cp>WordPress plugin used to overlay images on the current page into neat Javascript-powered overlay popups.\u003Cbr \u002F>\nThis plugin includes the new Slimbox 1.64 javascript written by Christophe Beils and got transformed into a WordPress Plugin by me.\u003Cbr \u002F>\nSlimbox is a 7kb visual clone of the popular Lightbox JS v2.4 by Lokesh Dhakar, written using the ultra compact mootools framework.\u003Cbr \u002F>\nIt was designed to be small, efficient, more convenient and 100% compatible with the original Lightbox v2.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.4mj.it\u002Fslimbox-wordpress-plugin\u002F\" title=\"Plugin Homepage\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa>\u003C\u002Fp>\n","Plugin used to overlay images on the current page into neat Javascript-powered overlay popups.",600,75882,"2008-08-22T09:35:00.000Z","2.6.1","1.5",[21,22,23,117],"http:\u002F\u002Fwww.4mj.it\u002Fslimbox-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fslimbox-plugin.1.3.zip",{"attackSurface":147,"codeSignals":165,"taintFlows":172,"riskAssessment":173,"analyzedAt":182},{"hooks":148,"ajaxHandlers":161,"restRoutes":162,"shortcodes":163,"cronEvents":164,"entryPointCount":76,"unprotectedCount":76},[149,155,158],{"type":150,"name":151,"callback":152,"file":153,"line":154},"action","wp_enqueue_scripts","load_styles","fancybox.php",41,{"type":150,"name":151,"callback":156,"file":153,"line":157},"load_scripts",42,{"type":150,"name":159,"callback":20,"file":153,"line":160},"wp_head",43,[],[],[],[],{"dangerousFunctions":166,"sqlUsage":167,"outputEscaping":169,"fileOperations":76,"externalRequests":76,"nonceChecks":76,"capabilityChecks":76,"bundledLibraries":171},[],{"prepared":76,"raw":76,"locations":168},[],{"escaped":76,"rawEcho":76,"locations":170},[],[],[],{"summary":174,"deductions":175},"The \"fancy-box\" v1.1.0 plugin exhibits a seemingly strong static security posture.  The absence of detected dangerous functions, file operations, external HTTP requests, and a complete reliance on prepared statements for SQL queries are positive indicators. Furthermore, all identified outputs are properly escaped, and the taint analysis shows no vulnerabilities.  However, the plugin's vulnerability history presents a significant concern. With one known and currently unpatched CVE, specifically a medium-severity Cross-Site Scripting (XSS) vulnerability, the overall security risk escalates considerably. The fact that the last vulnerability was reported in the future (2025-03-21) is an anomaly that requires further investigation but, assuming it represents a real historical issue, it points to a pattern of past security weaknesses that have not been remediated in this version. While the code itself appears clean in static analysis, the unaddressed CVE overshadows these strengths, indicating that users are exposed to known risks.",[176,179],{"reason":177,"points":178},"Currently unpatched CVE exists",15,{"reason":180,"points":181},"Medium severity CVE history",5,"2026-03-16T18:13:29.511Z",{"wat":184,"direct":195},{"assetPaths":185,"generatorPatterns":189,"scriptPaths":190,"versionParams":191},[186,187,188],"\u002Ffancy-box\u002Fjquery.fancybox.css","\u002Ffancy-box\u002Fjquery.fancybox.js","\u002Ffancy-box\u002Fjquery.easing.js",[],[],[192,193,194],"fancy-box\u002Fjquery.fancybox.css?ver=","fancy-box\u002Fjquery.fancybox.js?ver=","fancy-box\u002Fjquery.easing.js?ver=",{"cssClasses":196,"htmlComments":197,"htmlAttributes":198,"restEndpoints":200,"jsGlobals":201,"shortcodeOutput":203},[],[],[199],"rel=\"fancybox\"",[],[202],"jQuery",[]]