CVE-2025-5537

The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alternative texts in all versions up to, and including, 2.7.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-5537

The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alternative texts in all versions up to, and including, 2.7.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-5537 Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.34 - Authenticated (Author+) Stored Cross-Site Scripting

The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alternative texts in all versions up to, and including, 2.7.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-5537

The FooBox Lightbox & Modal Popup WordPress plugin (versions up to 2.7.34) is affected by a Stored Cross-Site Scripting vulnerability via image alt texts due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Author level or higher, enabling an a...

PT-2025-28330 · WordPress · Foobox

Name of the Vulnerable Software and Affected Versions: The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress versions up to, and including, 2.7.34 Description: The issue is related to Stored Cross-Site Scripting via image alternative texts due to insufficient input sanitizatio...

CVE-2024-3276

The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...

CVE-2025-32139 WordPress Lightbox & Modal Popup WordPress Plugin – FooBox plugin <= 2.7.33 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bradvin FooBox Image Lightbox . This issue affects FooBox Image Lightbox : from n/a through 2.7.33...

CVE-2025-32139 WordPress Lightbox & Modal Popup WordPress Plugin – FooBox plugin <= 2.7.33 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FooPlugins FooBox Image Lightbox foobox-image-lightbox.This issue affects FooBox Image Lightbox : from n/a through = 2.7.33...

WordPress FooBox plugin <= 2.7.28 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via HTML Data Attributes vulnerability discovered by Webbernaut in WordPress Plugin FooBox Image Lightbox versions = 2.7.28...

PT-2024-36988 · WordPress · Foobox

Name of the Vulnerable Software and Affected Versions: FooBox plugin for WordPress versions up to, and including, 2.7.28 Description: The issue is related to DOM-based Stored Cross-Site Scripting via HTML data attributes due to insufficient input sanitization and output escaping on user-supplied...

CVE-2024-3276

The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...

WordPress plugin FooBox security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

PT-2024-24832 · WordPress · Foobox-Image-Lightbox-Premium +1

Name of the Vulnerable Software and Affected Versions: The Lightbox & Modal Popup WordPress Plugin versions prior to 2.7.28 foobox-image-lightbox-premium WordPress plugin versions prior to 2.7.28 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site...