Lucene search
K

62 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:29 a.m.6 views

CVE-2024-5424

The Gallery Blocks with Lightbox. Image Gallery, HTML5 video , YouTube, Vimeo Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘galleryID’ and 'className' parameters in all versions up to, and including, 3.2.1 due to...

6.4CVSS5.8AI score0.0047EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:21 a.m.5 views

CVE-2024-3276

The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...

6.1CVSS5.3AI score0.00335EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:1 a.m.4 views

CVE-2024-6263

The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 3.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS5AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:17 a.m.3 views

CVE-2024-47307

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Essential Plugin Meta slider and carousel with lightbox meta-slider-and-carousel-with-lightbox allows Stored XSS.This issue affects Meta slider and carousel with lightbox: from n/a through = 2.0.1...

6.5CVSS5.9AI score0.00245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.6 views

CVE-2023-0441

The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to enab...

8.1CVSS7.4AI score0.00731EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:11 a.m.16 views

CVE-2023-32797

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin = 1.0.22 versions...

7.1CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:41 a.m.6 views

CVE-2023-5621

The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Title field in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS6AI score0.004EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/18 6:4 a.m.16 views

CVE-2025-3516

The Simple Lightbox WordPress plugin before 2.9.4 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.9CVSS5.9AI score0.00278EPSS
Exploits1References1
OSV
OSV
added 2025/05/16 6:0 a.m.6 views

CVE-2025-3516 Simple Lightbox < 2.9.4 - Contributor+ Stored XSS

The Simple Lightbox WordPress plugin before 2.9.4 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.9CVSS5.9AI score0.00278EPSS
Exploits1References3
Patchstack
Patchstack
added 2025/05/12 1:25 p.m.6 views

WordPress Firelight Lightbox plugin < 2.3.15 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin Firelight Lightbox versions 2.3.15...

5.9CVSS7.4AI score0.00283EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/05/12 6:0 a.m.72 views

CVE-2025-3597

CVE-2025-3597 affects the Firelight Lightbox WordPress plugin for versions prior to 2.3.15. The vulnerability lets users with post-writing capabilities execute arbitrary Javascript when the jQuery Metadata library is enabled, a feature intended for Pro but which can be activated in the free versi...

5.9CVSS6.9AI score0.00283EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/04/04 3:58 p.m.13 views

CVE-2025-32176 WordPress Gallery Blocks with Lightbox plugin <= 3.2.5 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Stored XSS.This issue affects SimpLy Gallery: from n/a through = 3.2.5...

6.5CVSS0.00367EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/13 5:31 p.m.4 views

WordPress Gallery and Lightbox plugin <= 1.0.14 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Gallery and Lightbox versions = 1.0.14...

6.5CVSS6.1AI score0.00218EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/09 11:31 a.m.22 views

CVE-2023-25060 WordPress Album and Image Gallery plus Lightbox plugin <= 1.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Album and Image Gallery plus Lightbox album-and-image-gallery-plus-lightbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Album and Image Gallery plus Lightbox: from n/a through ...

5.3CVSS7.3AI score0.00564EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/11/21 10:10 p.m.4 views

WordPress Gallery Blocks with Lightbox plugin <= 3.2.4.2 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by SE-YEON HWANG in WordPress Plugin SimpLy Gallery versions = 3.2.4.2...

5.5CVSS5.7AI score0.00364EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/09/11 1:3 a.m.4 views

WordPress video carousel slider with lightbox plugin <= 1.0.6 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by Ala Arfaoui in WordPress Plugin video carousel slider with lightbox versions = 1.0.6...

9.1CVSS8.1AI score0.00501EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.6 views

PT-2024-10743 · WordPress · Video Carousel Slider With Lightbox Plugin

Name of the Vulnerable Software and Affected Versions: video carousel slider with lightbox plugin for WordPress versions 1.0.0 through 1.0.6 Description: The issue is related to SQL Injection via the id parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient...

9.1CVSS7.2AI score0.00501EPSS
Exploits0References10
OSV
OSV
added 2024/08/08 5:15 a.m.3 views

CVE-2024-5668

The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

5.4CVSS6AI score0.00282EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/08/08 12:0 a.m.12 views

WordPress FooBox Image Lightbox Plugin <= 2.7.28 is vulnerable to Cross Site Scripting (XSS)

Software FooBox Image Lightbox Type Plugin Vulnerable versions = 2.7.28 Fixed in 2.7.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5668 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 34ccb97b63f3 Credits Webbernaut...

6.4CVSS5.8AI score0.00282EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/07/03 8:15 a.m.4 views

CVE-2024-6263

The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 3.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

5.4CVSS5.9AI score0.00342EPSS
Exploits0References3
Rows per page
Query Builder