Lucene search
K

700 matches found

Cvelist
Cvelist
added 2026/02/25 8:25 a.m.25 views

CVE-2026-2479 Responsive Lightbox & Gallery <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of strpos for substring-based hostname validation instead of strict host comparison in the ajaxuploadimage function. This makes i...

5CVSS0.00234EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.9 views

WordPress plugin Responsive Lightbox & Gallery 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5CVSS5.9AI score0.00234EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/02/24 11:14 p.m.6 views

WordPress Responsive Lightbox & Gallery plugin <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload vulnerability

Authenticated Author+ Server-Side Request Forgery via Remote Library Image Upload vulnerability discovered by lucsob in WordPress Plugin Responsive Lightbox versions = 2.7.1...

5CVSS5.4AI score0.00234EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/24 6:16 a.m.12 views

CVE-2025-15386

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...

8.8CVSS0.00261EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/24 6:0 a.m.8 views

EUVD-2025-207548

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...

8.8CVSS5.4AI score0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/24 6:0 a.m.6 views

CVE-2025-15386 Responsive Lightbox & Gallery < 2.6.1 - Unauthenticated Stored XSS

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...

5.3AI score0.00261EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/24 6:0 a.m.6 views

CVE-2025-15386

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...

5.4AI score0.00261EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/24 6:0 a.m.31 views

CVE-2025-15386 Responsive Lightbox & Gallery < 2.6.1 - Unauthenticated Stored XSS

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...

0.00261EPSS
Exploits0References1
CVE
CVE
added 2026/02/24 6:0 a.m.26 views

CVE-2025-15386

The CVE describes an Unauthenticated Stored XSS in the WordPress plugin “Responsive Lightbox & Gallery”

8.8CVSS5.4AI score0.00261EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.8 views

WordPress plugin Responsive Lightbox & Gallery 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.7AI score0.00261EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.8 views

PT-2026-21665

Name of the Vulnerable Software and Affected Versions Responsive Lightbox & Gallery WordPress plugin versions prior to 2.6.1 Description The software contains a flaw in its regex replacement rules that allows for an Unauthenticated Stored-XSS attack. This occurs when a malicious link is posted as...

8.8CVSS6AI score0.00261EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.5 views

CVE-2026-22345

Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through = 1.6...

8.8CVSS5.5AI score0.00344EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.12 views

CVE-2026-22345

Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through = 1.6...

8.8CVSS0.00344EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 3:46 p.m.6 views

CVE-2026-22345

Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through = 1.6...

5.4AI score0.00344EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.23 views

CVE-2026-22345 WordPress Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin <= 1.6.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through = 1.6...

8.8CVSS0.00344EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.5 views

CVE-2026-22345 WordPress Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin <= 1.6.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through = 1.6...

8.8CVSS5.4AI score0.00344EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.16 views

CVE-2026-22345

CVE-2026-22345 stems from a deserialization/ object-injection flaw in the WordPress plugin family Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery (component: new-image-gallery). The Red Hat/NVD entries and PatchStack corroborate that versions up to and including 1.6.0 ...

8.8CVSS5.5AI score0.00344EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.8 views

CVE-2025-13612

The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aigpl-gallery-album shortcode in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

6.4CVSS5.7AI score0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.7 views

PT-2026-21196

Name of the Vulnerable Software and Affected Versions A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery versions through 1.6.0 Description The software contains a flaw related to the deserialization of untrusted data, specifically allowing for object injection...

5.6AI score0.00344EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.6 views

WordPress plugin Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.8AI score0.00344EPSS
Exploits0References1
Rows per page
Query Builder