CVE-2025-5092

🗓️ 20 Nov 2025 06:38:41Reported by WordfenceType

Authenticated WordPress users with Contributor+ can trigger stored XSS via lightGallery in plugins and themes.

Reporter	Title	Published	Views	Family All 20
Circl	CVE-2025-5092	20 Nov 202507:59	–	circl
CNNVD	WordPress plugin theme 跨站脚本漏洞	20 Nov 202500:00	–	cnnvd
Cvelist	CVE-2025-5092 Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library	20 Nov 202506:38	–	cvelist
EUVD	EUVD-2025-198262	20 Nov 202506:38	–	euvd
NVD	CVE-2025-5092	20 Nov 202515:17	–	nvd
Patchstack	WordPress TP WooCommerce Product Gallery plugin <= 1.1.9 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability	20 Nov 202502:48	–	patchstack
Patchstack	WordPress LightGallery WP plugin <= 1.0.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability	20 Nov 202502:34	–	patchstack
Patchstack	WordPress Gallery with thumbnail slider plugin <= 7.8 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability	20 Nov 202501:25	–	patchstack
Patchstack	WordPress Royal Elementor Addons plugin <= 1.7.1031 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting	20 Nov 202502:45	–	patchstack
Patchstack	WordPress Grid KIT Portfolio plugin <= 2.2.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability	20 Nov 202502:41	–	patchstack

Vulners

Node

lightgalleryteam lightgallery_wpRange≤1.0.5wordpress

tplugins tp_woocommerce_product_galleryRange≤1.1.9wordpress

vowelweb ibtana_wordpress_website_builderRange≤1.2.5.1wordpress

wproyal royal_addons_for_elementor_addons_and_templates_kit_for_elementorRange≤1.7.1031wordpress

wpsofts portfolio_gallery,_product_catalog_-_grid_kit_portfolioRange≤2.2.1wordpress

famethemes onepressRange≤2.3.16wordpress

galaxyweblinks gallery_with_thumbnail_sliderRange≤7.8wordpress

oxilab image_hover_effects_ultimate_(_image_gallery,_effects,_lightbox,_comparison_&_magnifier_)Range≤9.10.5wordpress

[
  {
    "vendor": "lightgalleryteam",
    "product": "LightGallery WP",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.0.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "tplugins",
    "product": "TP WooCommerce Product Gallery",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.1.9",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "vowelweb",
    "product": "Ibtana – WordPress Website Builder",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.2.5.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "wproyal",
    "product": "Royal Addons for Elementor – Addons and Templates Kit for Elementor",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.7.1031",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "wpsofts",
    "product": "Portfolio, Gallery, Product Catalog – Grid KIT Portfolio",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "2.2.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "famethemes",
    "product": "OnePress",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "2.3.16",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "galaxyweblinks",
    "product": "Gallery with thumbnail slider",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "7.8",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "oxilab",
    "product": "Image Hover Effects Ultimate ( Image Gallery, Effects, Lightbox, Comparison & Magnifier )",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "9.10.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
github	www.github.com/sachinchoolur/lightGallery
plugins	www.plugins.trac.wordpress.org/changeset/3343557/
plugins	www.plugins.trac.wordpress.org/changeset/3372141/
plugins	www.plugins.trac.wordpress.org/changeset/3356089/
plugins	www.plugins.trac.wordpress.org/changeset/3311382/
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/acaa3142-2bbc-43d3-8ecc-05e8edb931ec
themes	www.themes.trac.wordpress.org/changeset/299860

15 Apr 2026 00:35Current

5.2Medium risk

Vulners AI Score5.2

CVSS 3.16.4

EPSS0.00046

SSVC

CWE-79