WordPress Firelight Lightbox plugin < 2.3.15 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin Firelight Lightbox versions 2.3.15...

CVE-2025-3597

CVE-2025-3597 affects the Firelight Lightbox WordPress plugin for versions prior to 2.3.15. The vulnerability lets users with post-writing capabilities execute arbitrary Javascript when the jQuery Metadata library is enabled, a feature intended for Pro but which can be activated in the free versi...