CVE-2025-5092 Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library

🗓️ 20 Nov 2025 06:38:41Reported by WordfenceType

Authenticated contributors can exploit stored XSS in WordPress plugins via lightGallery up to 2.8.3.

Reporter	Title	Published	Views	Family All 20
Circl	CVE-2025-5092	20 Nov 202507:59	–	circl
CNNVD	WordPress plugin theme 跨站脚本漏洞	20 Nov 202500:00	–	cnnvd
CVE	CVE-2025-5092	20 Nov 202506:38	–	cve
EUVD	EUVD-2025-198262	20 Nov 202506:38	–	euvd
NVD	CVE-2025-5092	20 Nov 202515:17	–	nvd
Patchstack	WordPress TP WooCommerce Product Gallery plugin <= 1.1.9 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability	20 Nov 202502:48	–	patchstack
Patchstack	WordPress LightGallery WP plugin <= 1.0.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability	20 Nov 202502:34	–	patchstack
Patchstack	WordPress Gallery with thumbnail slider plugin <= 7.8 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability	20 Nov 202501:25	–	patchstack
Patchstack	WordPress Royal Elementor Addons plugin <= 1.7.1031 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting	20 Nov 202502:45	–	patchstack
Patchstack	WordPress Grid KIT Portfolio plugin <= 2.2.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability	20 Nov 202502:41	–	patchstack

[
  {
    "vendor": "lightgalleryteam",
    "product": "LightGallery WP",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.0.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "tplugins",
    "product": "TP WooCommerce Product Gallery",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.1.9",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "vowelweb",
    "product": "Ibtana – WordPress Website Builder",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.2.5.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "wproyal",
    "product": "Royal Addons for Elementor – Addons and Templates Kit for Elementor",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.7.1031",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "wpsofts",
    "product": "Portfolio, Gallery, Product Catalog – Grid KIT Portfolio",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "2.2.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "famethemes",
    "product": "OnePress",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "2.3.16",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "galaxyweblinks",
    "product": "Gallery with thumbnail slider",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "7.8",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "oxilab",
    "product": "Image Hover Effects Ultimate ( Image Gallery, Effects, Lightbox, Comparison & Magnifier )",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "9.10.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
github	www.github.com/sachinchoolur/lightGallery
plugins	www.plugins.trac.wordpress.org/changeset/3343557/
plugins	www.plugins.trac.wordpress.org/changeset/3372141/
plugins	www.plugins.trac.wordpress.org/changeset/3356089/
plugins	www.plugins.trac.wordpress.org/changeset/3311382/
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/acaa3142-2bbc-43d3-8ecc-05e8edb931ec
themes	www.themes.trac.wordpress.org/changeset/299860

08 Apr 2026 17:14Current

CVSS 3.16.4

EPSS0.00046

CWE-79