Vulnerability in jQuery Colorbox

CVE-2025-3650

The jQuery Colorbox WordPress plugin through 4.6.3 uses the colorbox library, which does not sanitize title attributes on links before using them, allowing users with at least the contributor role to conduct XSS attacks against administrat…

EPSS: 0.002 (6.5th percentile)

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N.

Affected products

  • Unknown Jquery Colorbox — versions 0

Frequently asked questions

What is CVE-2025-3650?
CVE-2025-3650 is a low-severity vulnerability in jQuery Colorbox, classified under CWE-79, Cross-Site Scripting (XSS). CVSS score: 3.5/10. Published 2025-09-12.

How severe is CVE-2025-3650?
Low severity. CVSS v3 base score is 3.5 out of 10.