62 matches found
PT-2024-37493 · WordPress · Wp Lightbox 2
Name of the Vulnerable Software and Affected Versions: WP Lightbox 2 plugin for WordPress versions up to, and including, 3.0.6.6 Description: The issue is related to Stored Cross-Site Scripting via the title parameter due to insufficient input sanitization and output escaping. This allows...
WordPress Gallery Blocks with Lightbox plugin <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via galleryID and className Parameters vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via galleryID and className Parameters vulnerability discovered by Webbernaut in WordPress Plugin SimpLy Gallery versions = 3.2.1...
CVE-2024-3276
The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...
PT-2024-24832 · WordPress · Foobox-Image-Lightbox-Premium +1
Name of the Vulnerable Software and Affected Versions: The Lightbox & Modal Popup WordPress Plugin versions prior to 2.7.28 foobox-image-lightbox-premium WordPress plugin versions prior to 2.7.28 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site...
CVE-2024-4194
Affected software. The Album and Image Gallery plus Lightbox (WordPress plugin) is vulnerable up to version 2.0. The issue is due to improper validation of a value before do_shortcode, enabling unauthenticated attackers to execute arbitrary shortcodes. This CVE is corroborated by multiple sources...
WordPress Album and Image Gallery plus Lightbox Plugin <= 2.0 is vulnerable to Broken Access Control
Software Album and Image Gallery plus Lightbox Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4194 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 3971913257ef Credits...
CVE-2023-5945
The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsivevideogallerywithlightboxvideomanagementfunc function. This makes it possible for unauthenticated attackers...
WordPress video carousel slider with lightbox Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software video carousel slider with lightbox Type Plugin Vulnerable versions = 1.0 Fixed in 1.0.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5945 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1fb4a457923c Credits Al...
WordPress Plugin video carousel slider with lightbox Cross-site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress Thumbnail Slider With Lightbox Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Thumbnail Slider With Lightbox Type Plugin Vulnerable versions = 1.0 Fixed in 1.0.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5531 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID fe76aeae2c6a Credits Ala...
CVE-2023-32797
Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin = 1.0.22 versions...
CVE-2023-32797
CVE-2023-32797 is an unauthenticated reflected XSS vulnerability in the WordPress plugin “I Thirteen Web Solution video carousel slider with lightbox” (versions
PT-2023-24031 · I Thirteen Web Solution · Video Carousel Slider With Lightbox Plugin
Name of the Vulnerable Software and Affected Versions: I Thirteen Web Solution video carousel slider with lightbox plugin versions 1.0.22 and earlier Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker could potentially...
CVE-2023-28776
Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin = 1.0.15 versions...
CVE-2023-28776
CVE-2023-28776: Unauthenticated reflected XSS in WordPress plugin Continuous Image Carousel With Lightbox (
CVE-2023-2710
The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2023-2710
The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
Cross site scripting
The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2023-28792
Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin = 1.0.15 versions...
CVE-2023-28792
Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin = 1.0.15 versions...