702 matches found
CVE-2025-13968
The CVE concerns the WordPress plug-in Starboard Suite Reservation Calendars (WordPress). It is vulnerable to Stored Cross-Site Scripting via the [starboard-suite-lightbox] shortcode attributes in all versions up to and including 3.1.4 due to insufficient input sanitization and output escaping. T...
CVE-2026-56041
Unauthenticated Cross Site Scripting XSS in Responsive Lightbox = 2.7.6 versions...
CVE-2026-56041 WordPress Responsive Lightbox plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Responsive Lightbox = 2.7.6 versions...
EUVD-2026-39703
Unauthenticated Cross Site Scripting XSS in Responsive Lightbox = 2.7.6 versions...
CVE-2026-56041
Summary: CVE-2026-56041 describes an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress plugin “Responsive Lightbox” up to version 2.7.6. The incident is classified with CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating a network-vector XSS that requires user intera...
PT-2026-52756
Name of the Vulnerable Software and Affected Versions Responsive Lightbox versions prior to 2.7.7 Description An unauthenticated Cross Site Scripting XSS issue exists, which allows an attacker to execute malicious scripts in the browser of a user by injecting code into a web page. Recommendations...
DRUPAL-CONTRIB-2026-058
This module enables you to take payments through the Global Payments / Realex Hosted Payment Page HPP, either via a lightbox iframe or via a full-page redirect. When the gateway is configured with the redirect payment method, the module doesn't sufficiently verify the authenticity of the payment...
WordPress Responsive Lightbox plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Responsive Lightbox versions = 2.7.6...
PT-2026-52171
Name of the Vulnerable Software and Affected Versions Drupal Commerce Realex / Global Payments versions 0.0.0 through 3.0.2 Description An incorrect authorization issue allows forceful browsing when the gateway is configured with the redirect payment method. The module fails to sufficiently verif...
CVE-2026-4665 WP Carousel Free <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-caption' Attribute
The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...
PT-2026-36965
The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...
WordPress Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel plugin <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Carousel, Slider, Gallery by WP Carousel versions = 2.7.10...
WordPress Lightbox & Modal Popup WordPress Plugin – FooBox plugin <= 2.7.33 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin FooBox Image Lightbox versions = 2.7.33...
WordPress Album and Image Gallery plus Lightbox plugin <= 2.1.8 - Backdoor vulnerability
Backdoor vulnerability discovered by ? in WordPress Plugin Album and Image Gallery plus Lightbox versions = 2.1.8...
WordPress Meta slider and carousel with lightbox plugin <= 2.0.8 - Backdoor vulnerability
Backdoor vulnerability discovered by ? in WordPress Plugin Meta slider and carousel with lightbox versions = 2.0.8...
CVE-2026-4379
The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...
EUVD-2024-33811
The Grey Owl Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'golbutton' shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
EUVD-2024-46646
The Gallery Blocks with Lightbox. Image Gallery, HTML5 video , YouTube, Vimeo Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘galleryID’ and 'className' parameters in all versions up to, and including, 3.2.1 due to...
CVE-2026-4379
The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...
CVE-2026-4379
The CVE-2026-4379 entry describes a Stored Cross-Site Scripting vulnerability in the LightPress Lightbox WordPress plugin, affecting all versions up to 2.3.4. The issue arises from how the plugin appends the group attribute to the [gallery] shortcode output without proper escaping, enabling authe...