Lucene search
K

702 matches found

CVE
CVE
added 5 hours ago4 views

CVE-2025-13968

The CVE concerns the WordPress plug-in Starboard Suite Reservation Calendars (WordPress). It is vulnerable to Stored Cross-Site Scripting via the [starboard-suite-lightbox] shortcode attributes in all versions up to and including 3.1.4 due to insufficient input sanitization and output escaping. T...

6.4CVSS6.2AI score
Exploits0References6
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-56041

Unauthenticated Cross Site Scripting XSS in Responsive Lightbox = 2.7.6 versions...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.34 views

CVE-2026-56041 WordPress Responsive Lightbox plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Responsive Lightbox = 2.7.6 versions...

7.1CVSS0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.6 views

EUVD-2026-39703

Unauthenticated Cross Site Scripting XSS in Responsive Lightbox = 2.7.6 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.13 views

CVE-2026-56041

Summary: CVE-2026-56041 describes an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress plugin “Responsive Lightbox” up to version 2.7.6. The incident is classified with CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating a network-vector XSS that requires user intera...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52756

Name of the Vulnerable Software and Affected Versions Responsive Lightbox versions prior to 2.7.7 Description An unauthenticated Cross Site Scripting XSS issue exists, which allows an attacker to execute malicious scripts in the browser of a user by injecting code into a web page. Recommendations...

7.1CVSS5.9AI score0.0018EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 6:40 p.m.4 views

DRUPAL-CONTRIB-2026-058

This module enables you to take payments through the Global Payments / Realex Hosted Payment Page HPP, either via a lightbox iframe or via a full-page redirect. When the gateway is configured with the redirect payment method, the module doesn't sufficiently verify the authenticity of the payment...

5.9AI score
Exploits0References1
Patchstack
Patchstack
added 2026/06/24 3:2 p.m.4 views

WordPress Responsive Lightbox plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Responsive Lightbox versions = 2.7.6...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.4 views

PT-2026-52171

Name of the Vulnerable Software and Affected Versions Drupal Commerce Realex / Global Payments versions 0.0.0 through 3.0.2 Description An incorrect authorization issue allows forceful browsing when the gateway is configured with the redirect payment method. The module fails to sufficiently verif...

6.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/05 3:37 a.m.6 views

CVE-2026-4665 WP Carousel Free <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-caption' Attribute

The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...

6.4CVSS6AI score0.00281EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-36965

The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...

6.4CVSS6AI score0.00281EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/05/04 3:1 p.m.24 views

WordPress Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel plugin <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Carousel, Slider, Gallery by WP Carousel versions = 2.7.10...

6.4CVSS5.8AI score0.00281EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/01 9:31 a.m.6 views

WordPress Lightbox & Modal Popup WordPress Plugin – FooBox plugin <= 2.7.33 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin FooBox Image Lightbox versions = 2.7.33...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/14 11:37 a.m.6 views

WordPress Album and Image Gallery plus Lightbox plugin <= 2.1.8 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Album and Image Gallery plus Lightbox versions = 2.1.8...

5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/14 11:36 a.m.7 views

WordPress Meta slider and carousel with lightbox plugin <= 2.0.8 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Meta slider and carousel with lightbox versions = 2.0.8...

5.8AI score
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.3 views

CVE-2026-4379

The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...

6.4CVSS5.9AI score0.00264EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 9:32 p.m.5 views

EUVD-2024-33811

The Grey Owl Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'golbutton' shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

6.4CVSS7.4AI score0.00522EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/08 6:33 p.m.4 views

EUVD-2024-46646

The Gallery Blocks with Lightbox. Image Gallery, HTML5 video , YouTube, Vimeo Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘galleryID’ and 'className' parameters in all versions up to, and including, 3.2.1 due to...

6.4CVSS6.1AI score0.0047EPSS
Exploits0References7
NVD
NVD
added 2026/04/08 4:17 a.m.4 views

CVE-2026-4379

The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...

6.4CVSS0.00264EPSS
Exploits0References4
CVE
CVE
added 2026/04/08 2:25 a.m.8 views

CVE-2026-4379

The CVE-2026-4379 entry describes a Stored Cross-Site Scripting vulnerability in the LightPress Lightbox WordPress plugin, affecting all versions up to 2.3.4. The issue arises from how the plugin appends the group attribute to the [gallery] shortcode output without proper escaping, enabling authe...

6.4CVSS6.1AI score0.00264EPSS
Exploits0References4
Rows per page
Query Builder