• mstjean86

    (@mstjean86)


    Hello,

    We had a PEN Test performed on our site and they identified a vulnerability with an outdated version of DOMPurify which is included within your plugin. easy-fancybox/vendor/purify.min.js

    It’s listed as DOMPurify 3.2.6 which includes a vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2025-15599

    Instead of updating the plugin ourselves I was hoping you might be able to get this patched or we’ll have to explore moving away from the plugin all together.

You must be logged in to reply to this topic.