Lucene search
K

700 matches found

CNNVD
CNNVD
added 2025/12/13 12:0 a.m.5 views

WordPress plugin Gallery Blocks with Lightbox 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security...

4.3CVSS6.5AI score0.0019EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/19 10:23 a.m.8 views

CVE-2025-12691

The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox functionality in all versions up to, and including, 3.21 due to insufficient input sanitization and output escaping on user supplied caption...

6.4CVSS5AI score0.00166EPSS
Exploits0References1
NVD
NVD
added 2025/11/19 6:15 a.m.4 views

CVE-2025-12359

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'getimagesizebyurl' function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery items...

5.4CVSS0.00213EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/11/19 5:45 a.m.7 views

CVE-2025-12359 Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'getimagesizebyurl' function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery items...

5.4CVSS5.3AI score0.00213EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/11/19 5:45 a.m.15 views

CVE-2025-12359 Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'getimagesizebyurl' function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery items...

5.4CVSS0.00213EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.6 views

PT-2025-47429

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'get image size by url' function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery item...

5.4CVSS5.8AI score0.00213EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.11 views

WordPress plugin Responsive Lightbox & Gallery 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

5.4CVSS6.9AI score0.00213EPSS
Exploits0References8
Patchstack
Patchstack
added 2025/11/18 11:7 p.m.5 views

WordPress Responsive Lightbox & Gallery plugin <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery vulnerability

Authenticated Author+ Server-Side Request Forgery vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Responsive Lightbox versions = 2.5.3...

5.4CVSS7.1AI score0.00213EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/11/18 12:30 p.m.6 views

EUVD-2025-197960

The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox functionality in all versions up to, and including, 3.21 due to insufficient input sanitization and output escaping on user supplied caption...

6.4CVSS4.7AI score0.00166EPSS
Exploits0References3
NVD
NVD
added 2025/11/18 10:15 a.m.6 views

CVE-2025-12691

The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox functionality in all versions up to, and including, 3.21 due to insufficient input sanitization and output escaping on user supplied caption...

6.4CVSS0.00166EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/18 9:27 a.m.3 views

CVE-2025-12691 Photonic Gallery & Lightbox for Flickr, SmugMug & Others <= 3.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Caption Attribute

The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox functionality in all versions up to, and including, 3.21 due to insufficient input sanitization and output escaping on user supplied caption...

6.4CVSS4.7AI score0.00166EPSS
Exploits0References2
CVE
CVE
added 2025/11/18 9:27 a.m.17 views

CVE-2025-12691

The CVE-2025-12691 entry concerns the Photonic Gallery & Lightbox for Flickr, SmugMug & Others WordPress plugin (versions &lt;= 3.21). The connected Wordfence report confirms a stored cross-site scripting flaw in the lightbox caption attribute, exploitable by authenticated users with contributor+...

6.4CVSS4.7AI score0.00166EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.6 views

PT-2025-47283

Name of the Vulnerable Software and Affected Versions Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin for WordPress versions prior to 3.22 Description The software is susceptible to Stored Cross-Site Scripting through its lightbox functionality. This is due to inadequate input...

6.4CVSS5.6AI score0.00166EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/11/12 5:13 a.m.8 views

WordPress Thumbnail Slider With Lightbox plugin <= 1.0.21 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Thumbnail Slider With Lightbox versions = 1.0.21...

6.4CVSS6.3AI score0.00421EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/10/29 10:15 a.m.17 views

CVE-2015-10146

The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

4.9CVSS0.0027EPSS
Exploits0References2
CVE
CVE
added 2025/10/29 9:27 a.m.12 views

CVE-2015-10146

CVE-2015-10146 affects the WordPress plugin Thumbnail Slider With Lightbox (plugin slug: wp-responsive-slider-with-lightbox). All versions up to and including 1.0.4 are vulnerable to SQL injection via the id parameter due to insufficient escaping and improper query construction. Exploitation requ...

4.9CVSS6.2AI score0.0027EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/10/29 9:27 a.m.9 views

CVE-2015-10146 Thumbnail Slider With Lightbox <= 1.0.4 - Authenticated (Admin+) SQL Injection

The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

4.9CVSS0.0027EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/29 9:27 a.m.6 views

CVE-2015-10146 Thumbnail Slider With Lightbox <= 1.0.4 - Authenticated (Admin+) SQL Injection

The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

4.9CVSS5.9AI score0.0027EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/29 9:27 a.m.4 views

EUVD-2015-9406

The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

4.9CVSS6.1AI score0.0027EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/10/29 6:13 a.m.8 views

WordPress Thumbnail Slider With Lightbox plugin <= 1.0.4 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by Ala Arfaoui in WordPress Plugin Thumbnail Slider With Lightbox versions = 1.0.4...

4.9CVSS7.8AI score0.0027EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder