WordPress WP Lightbox 2 plugin < 3.0.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin WP Lightbox 2 versions 3.0.7...

EUVD-2026-16122

The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2026-1430 WP Lightbox 2 < 3.0.7 - Admin+ Stored XSS

The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2026-28214

Name of the Vulnerable Software and Affected Versions WP Lightbox 2 WordPress plugin versions prior to 3.0.7 Description The WP Lightbox 2 WordPress plugin does not properly sanitise and escape certain settings. This could allow users with high privileges, such as administrators, to carry out...

CVE-2025-3745

The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks...

WordPress WP Lightbox 2 plugin <= 3.0.6.6 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin WP Lightbox 2 versions = 3.0.6.6...

WordPress plugin WP Lightbox 2 cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site...

CVE-2023-45747

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Syed Balkhi WP Lightbox 2 plugin = 3.0.6.5 versions...

WordPress Plugin WP Lightbox 2 Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...