Title: DOMPurify Update
Last modified: July 6, 2026

---

# DOMPurify Update

 *  [mstjean86](https://wordpress.org/support/users/mstjean86/)
 * (@mstjean86)
 * [2 days, 2 hours ago](https://wordpress.org/support/topic/dompurify-update/)
 * Hello,
 * We had a PEN Test performed on our site and they identified a vulnerability with
   an outdated version of DOMPurify which is included within your plugin. easy-fancybox/
   vendor/purify.min.js
   It’s listed as DOMPurify 3.2.6 which includes a vulnerability:
   [https://nvd.nist.gov/vuln/detail/CVE-2025-15599](https://nvd.nist.gov/vuln/detail/CVE-2025-15599)
   Instead of updating the plugin ourselves I was hoping you might be able to get
   this patched or we’ll have to explore moving away from the plugin all together.

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fdompurify-update%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * ![](https://ps.w.org/easy-fancybox/assets/icon-256x256.png?rev=3188201)
 * [Firelight Lightbox](https://wordpress.org/plugins/easy-fancybox/)
 * [Support Threads](https://wordpress.org/support/plugin/easy-fancybox/)
 * [Active Topics](https://wordpress.org/support/plugin/easy-fancybox/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/easy-fancybox/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/easy-fancybox/reviews/)

 * 0 replies
 * 1 participant
 * Last reply from: [mstjean86](https://wordpress.org/support/users/mstjean86/)
 * Last activity: [2 days, 2 hours ago](https://wordpress.org/support/topic/dompurify-update/)
 * Status: not resolved