4 matches found
WordPress Firelight Lightbox plugin < 2.3.16 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin Firelight Lightbox versions 2.3.16...
CVE-2025-5035
| creationtimestamp | type | source |
|---|---|---|
| 2025-06-27 06:53:19+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/19673... |
CVE-2025-5035
The Firelight Lightbox WordPress plugin before 2.3.16 does not sanitise and escape title attributes before outputting them in the page, which could allow users with a role as low as contributors to perform stored Cross-Site Scripting attacks...
CVE-2025-5035 Firelight Lightbox < 2.3.16 - Contributor+ Stored XSS
The Firelight Lightbox WordPress plugin before 2.3.16 does not sanitise and escape title attributes before outputting them in the page, which could allow users with a role as low as contributors to perform stored Cross-Site Scripting attacks...