Lucene search
K

700 matches found

EUVD
EUVD
added 2026/03/26 9:30 a.m.5 views

EUVD-2026-16122

The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00189EPSS
Exploits0References2
NVD
NVD
added 2026/03/26 7:16 a.m.7 views

CVE-2026-1430

The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00189EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/26 6:0 a.m.4 views

CVE-2026-1430 WP Lightbox 2 < 3.0.7 - Admin+ Stored XSS

The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.8AI score0.00189EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 6:0 a.m.2 views

CVE-2026-1430

The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00189EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/26 6:0 a.m.26 views

CVE-2026-1430 WP Lightbox 2 < 3.0.7 - Admin+ Stored XSS

The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00189EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.6 views

WordPress plugin WP Lightbox 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

4.8CVSS5.8AI score0.00189EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.12 views

PT-2026-28214

Name of the Vulnerable Software and Affected Versions WP Lightbox 2 WordPress plugin versions prior to 3.0.7 Description The WP Lightbox 2 WordPress plugin does not properly sanitise and escape certain settings. This could allow users with high privileges, such as administrators, to carry out...

4.8CVSS5.9AI score0.00189EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/03/23 6:27 p.m.5 views

WordPress Multi Functional Flexi Lightbox plugin <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter vulnerability

Authenticated Admin+ Stored Cross-Site Scripting via 'message' Parameter vulnerability discovered by san6051 - PWC in WordPress Plugin Multi Functional Flexi Lightbox versions = 1.2...

5.5CVSS5.8AI score0.0026EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/21 4:17 a.m.7 views

CVE-2026-3347

The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the arvlbmessage parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This is due to the arvlboptionsval sanitize callback returning...

5.5CVSS0.0026EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.1 views

CVE-2026-3347

The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the arvlbmessage parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This is due to the arvlboptionsval sanitize callback returning...

5.5CVSS6AI score0.0026EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.29 views

CVE-2026-3347 Multi Functional Flexi Lightbox <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter

The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the arvlbmessage parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This is due to the arvlboptionsval sanitize callback returning...

5.5CVSS0.0026EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.3 views

CVE-2026-3347 Multi Functional Flexi Lightbox <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter

The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the arvlbmessage parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This is due to the arvlboptionsval sanitize callback returning...

5.5CVSS6AI score0.0026EPSS
Exploits0References5
CVE
CVE
added 2026/03/21 3:26 a.m.11 views

CVE-2026-3347

The CVE-2026-3347 entry concerns the WordPress plugin Multi Functional Flexi Lightbox . Affected versions are all up to and including 1.2, with a Stored Cross-Site Scripting (Stored XSS) vulnerability in the field arv_lb[message]. The root cause is a sanitize callback, arv_lb_options_val(), that ...

5.5CVSS6AI score0.0026EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.4 views

PT-2026-26852

The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the arv lbmessage parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This is due to the arv lb options val sanitize callback...

5.5CVSS6AI score0.0026EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.8 views

WordPress plugin Multi Functional Flexi Lightbox 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.5CVSS5.7AI score0.0026EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/26 10:14 a.m.6 views

CVE-2026-2479

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of strpos for substring-based hostname validation instead of strict host comparison in the ajaxuploadimage function. This makes i...

5CVSS5.5AI score0.00234EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/26 7:21 a.m.10 views

WordPress Responsive Lightbox & Gallery plugin < 2.6.1 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Responsive Lightbox versions 2.6.1...

8.8CVSS5.3AI score0.00261EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/25 10:16 a.m.9 views

CVE-2025-15386

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...

8.8CVSS5.4AI score0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/02/25 9:16 a.m.4 views

CVE-2026-2479

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of strpos for substring-based hostname validation instead of strict host comparison in the ajaxuploadimage function. This makes i...

5CVSS0.00234EPSS
Exploits0References5
CVE
CVE
added 2026/02/25 8:25 a.m.22 views

CVE-2026-2479

CVE-2026-2479 affects the WordPress plugin Responsive Lightbox & Gallery (versions ≤ 2.7.1). The SSRF flaw arises from using substring-based hostname validation via strpos in ajax_upload_image(), allowing an authenticated attacker with Author-level access to trigger web requests from the applicat...

5CVSS5.5AI score0.00234EPSS
Exploits0References5
Rows per page
Query Builder