CVE-2026-2479

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of strpos for substring-based hostname validation instead of strict host comparison in the ajaxuploadimage function. This makes i...

CVE-2025-15386

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...

CVE-2026-2479

CVE-2026-2479 affects the WordPress plugin Responsive Lightbox & Gallery (versions ≤ 2.7.1). The SSRF flaw arises from using substring-based hostname validation via strpos in ajax_upload_image(), allowing an authenticated attacker with Author-level access to trigger web requests from the applicat...

CVE-2025-15386 Responsive Lightbox & Gallery < 2.6.1 - Unauthenticated Stored XSS

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...

EUVD-2025-207548

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...

CVE-2026-22345

Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through = 1.6...

CVE-2026-22345

Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through = 1.6...

CVE-2026-22345 WordPress Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin <= 1.6.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through = 1.6...

CVE-2026-22345 WordPress Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin <= 1.6.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through = 1.6...

WordPress plugin Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-21196

Name of the Vulnerable Software and Affected Versions A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery versions through 1.6.0 Description The software contains a flaw related to the deserialization of untrusted data, specifically allowing for object injection...

WordPress Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin <= 1.6.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery versions = 1.6.0...

WordPress Responsive Lightbox & Gallery plugin <= 2.4.7 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Responsive Lightbox versions = 2.4.7...

CVE-2025-14288

CVE-2025-14288 affects Gallery Blocks with Lightbox (WordPress) up to 3.3.0. Root cause: update_option AJAX handler (pgc_sgb_action_wizard) checks edit_posts instead of the more restrictive manage_options, enabling authenticated attackers with Contributor+ access to modify arbitrary pgc_sgb_* plu...

CVE-2025-12359 Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'getimagesizebyurl' function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery items...

CVE-2025-12359 Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'getimagesizebyurl' function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery items...

WordPress Responsive Lightbox & Gallery plugin <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery vulnerability

Authenticated Author+ Server-Side Request Forgery vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Responsive Lightbox versions = 2.5.3...

CVE-2025-9710 Responsive Lightbox & Gallery < 2.5.3 - Unauthenticated Stored-XSS via Comments

The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does not properly handle HTML tag attributes modifications, potentially allowing unauthenticated attackers to abuse the functionality to include event handlers and conduct Stored XSS attacks...

EUVD-2022-52006

Malicious code in bioql PyPI...

WordPress plugin Responsive Lightbox & Gallery 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...