26 matches found
CVE-2025-5092
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library <= 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-5092
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library <= 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-5092
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library <= 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Cross-site Scripting (XSS)
Overview: lightgallery is a lightweight, customizable, modular, responsive, lightbox gallery plugin for jQuery. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via insufficient input sanitization and output escaping of attributes. An attacker can execute arbitrary w...
Cross-site Scripting (XSS)
Overview: org.webjars.npm:lightgallery is a lightweight, customizable, modular, responsive, lightbox gallery plugin for jQuery. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via insufficient input sanitization and output escaping of attributes. An attacker can...
@aurehxa/componentstest (>=1.0.0 <=1.0.1), @codesyntax/ionic-react-photo-viewer (>=1.0.0 <=1.7.0) +60 more potentially affected by CVE-2025-5092 via lightgallery (>=1.10.0 <=2.9.0)
lightgallery NPM version =1.10.0, =1.0.0, =1.0.0, =0.1.139, =2.9.6, =1.7.8, =1.0.183, =1.0.1, =0.0.1-alpha, =2.0.1, =1.0.0, =0.0.6-beta.1, =0.0.1, =3.3.0, =3.4.0 and more Source cves: CVE-2025-5092 Source advisory: SNYK:JS-LIGHTGALLERY-14101882...
CVE-2025-5092
CVE-2025-5092 is an authenticated (Contributor+) DOM-based stored XSS issue found in WordPress plugins/themes that bundle the lightGallery library (versions
CVE-2025-5092 Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library <= 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2025-198262
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library <= 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-5092 Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library <= 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress LightGallery WP plugin <= 1.0.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin LightGallery WP versions <= 1.0.5...
WordPress plugin theme cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...
PT-2025-47557
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library <= 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
GHSA-W5PX-5878-M9X4 Drupal Lightgallery Cross-site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Lightgallery allows Cross-Site Scripting XSS. This issue affects Lightgallery: from 0.0.0 before 1.6.0...
Drupal Lightgallery Cross-site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Lightgallery allows Cross-Site Scripting XSS. This issue affects Lightgallery: from 0.0.0 before 1.6.0...
CVE-2025-48447
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Lightgallery allows Cross-Site Scripting XSS. This issue affects Lightgallery: from 0.0.0 before 1.6.0...
CVE-2025-48447
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Lightgallery allows Cross-Site Scripting XSS. This issue affects Lightgallery: from 0.0.0 before 1.6.0...
CVE-2025-48447 Lightgallery - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-069
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Lightgallery allows Cross-Site Scripting XSS. This issue affects Lightgallery: from 0.0.0 before 1.6.0...
CVE-2025-48447 Lightgallery - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-069
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Lightgallery allows Cross-Site Scripting XSS. This issue affects Lightgallery: from 0.0.0 before 1.6.0...
CVE-2025-48447
CVE-2025-48447 affects Drupal Lightgallery prior to 1.6.0. The issue is described as improper neutralization of input during web page generation, enabling Cross-Site Scripting (XSS). Affected versions are 0.0.0 through 1.6.0, with remediation to update to 1.6.0 or later (per PT-2025-25222). Publi...