2 matches found
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /download URL validation process. An attacker can access internal resources or trigger unintended network requests by crafting a browser-side redirect that bypasses validation. Remediation Upgrad...
CVE-2025-3649
The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks...