4 matches found
WordPress LightPress Lightbox plugin < 2.3.4 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin WP jQuery Lightbox versions 2.3.4...
CVE-2025-3649
The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks...
CVE-2025-3649 LightPress Lightbox < 2.3.4 - Contributor+ Stored XSS
The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks...
CVE-2025-3649 LightPress Lightbox < 2.3.4 - Contributor+ Stored XSS
The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks...