700 matches found
EUVD-2026-16122
The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2026-1430
The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2026-1430 WP Lightbox 2 < 3.0.7 - Admin+ Stored XSS
The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2026-1430
The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2026-1430 WP Lightbox 2 < 3.0.7 - Admin+ Stored XSS
The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress plugin WP Lightbox 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...
PT-2026-28214
Name of the Vulnerable Software and Affected Versions WP Lightbox 2 WordPress plugin versions prior to 3.0.7 Description The WP Lightbox 2 WordPress plugin does not properly sanitise and escape certain settings. This could allow users with high privileges, such as administrators, to carry out...
WordPress Multi Functional Flexi Lightbox plugin <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter vulnerability
Authenticated Admin+ Stored Cross-Site Scripting via 'message' Parameter vulnerability discovered by san6051 - PWC in WordPress Plugin Multi Functional Flexi Lightbox versions = 1.2...
CVE-2026-3347
The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the arvlbmessage parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This is due to the arvlboptionsval sanitize callback returning...
CVE-2026-3347
The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the arvlbmessage parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This is due to the arvlboptionsval sanitize callback returning...
CVE-2026-3347 Multi Functional Flexi Lightbox <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter
The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the arvlbmessage parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This is due to the arvlboptionsval sanitize callback returning...
CVE-2026-3347 Multi Functional Flexi Lightbox <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter
The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the arvlbmessage parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This is due to the arvlboptionsval sanitize callback returning...
CVE-2026-3347
The CVE-2026-3347 entry concerns the WordPress plugin Multi Functional Flexi Lightbox . Affected versions are all up to and including 1.2, with a Stored Cross-Site Scripting (Stored XSS) vulnerability in the field arv_lb[message]. The root cause is a sanitize callback, arv_lb_options_val(), that ...
PT-2026-26852
The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the arv lbmessage parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This is due to the arv lb options val sanitize callback...
WordPress plugin Multi Functional Flexi Lightbox 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-2479
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of strpos for substring-based hostname validation instead of strict host comparison in the ajaxuploadimage function. This makes i...
WordPress Responsive Lightbox & Gallery plugin < 2.6.1 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Responsive Lightbox versions 2.6.1...
CVE-2025-15386
The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...
CVE-2026-2479
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of strpos for substring-based hostname validation instead of strict host comparison in the ajaxuploadimage function. This makes i...
CVE-2026-2479
CVE-2026-2479 affects the WordPress plugin Responsive Lightbox & Gallery (versions ≤ 2.7.1). The SSRF flaw arises from using substring-based hostname validation via strpos in ajax_upload_image(), allowing an authenticated attacker with Author-level access to trigger web requests from the applicat...