Lucene search
K

700 matches found

Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.6 views

PT-2026-31073

The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...

6.4CVSS6.1AI score0.00264EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.6 views

WordPress plugin LightPress Lightbox 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00264EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/04/07 10:55 p.m.6 views

WordPress LightPress Lightbox plugin <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'group' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP jQuery Lightbox versions = 2.3.4...

6.4CVSS5.9AI score0.00264EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/04 9:30 a.m.6 views

EUVD-2026-18975

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.7. This is due to insufficient input sanitization and output escaping in the 'src' attribute of the sulightbox shortcode. This makes it possib...

6.4CVSS6.1AI score0.0034EPSS
Exploits0References4
NVD
NVD
added 2026/04/04 8:16 a.m.5 views

CVE-2026-0737

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.7. This is due to insufficient input sanitization and output escaping in the 'src' attribute of the sulightbox shortcode. This makes it possib...

6.4CVSS0.0034EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/04 7:41 a.m.2 views

CVE-2026-0737 Shortcodes Ultimate <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_lightbox' Shortcode

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.7. This is due to insufficient input sanitization and output escaping in the 'src' attribute of the sulightbox shortcode. This makes it possib...

6.4CVSS6.1AI score0.0034EPSS
Exploits0References3
CVE
CVE
added 2026/04/04 7:41 a.m.18 views

CVE-2026-0737

CVE-2026-0737 affects the WP Shortcodes Plugin - Shortcodes Ultimate for WordPress. All versions up to and including 7.4.7 are vulnerable to Stored Cross-Site Scripting via the su_lightbox shortcode, caused by insufficient input sanitization and output escaping in the src attribute. Authenticated...

6.4CVSS6.1AI score0.0034EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/04 7:41 a.m.2 views

CVE-2026-0737

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.7. This is due to insufficient input sanitization and output escaping in the 'src' attribute of the sulightbox shortcode. This makes it possib...

6.4CVSS6.1AI score0.0034EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.11 views

WordPress plugin Shortcodes Ultimate 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.0034EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.5 views

PT-2026-30310

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.7. This is due to insufficient input sanitization and output escaping in the 'src' attribute of the su lightbox shortcode. This makes it...

6.4CVSS6.1AI score0.0034EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/04/03 11:14 p.m.5 views

WordPress Shortcodes Ultimate plugin <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_lightbox' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'sulightbox' Shortcode vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shortcodes Ultimate versions = 7.4.7...

6.4CVSS5.9AI score0.0034EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/01 3:31 a.m.8 views

EUVD-2026-17741

XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting XSS related to lightbox usage in posts. An attacker can inject malicious scripts that execute when users interact with post content displayed in the lightbox...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References3
NVD
NVD
added 2026/04/01 1:16 a.m.7 views

CVE-2026-35055

XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting XSS related to lightbox usage in posts. An attacker can inject malicious scripts that execute when users interact with post content displayed in the lightbox...

6.1CVSS0.00155EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/01 12:30 a.m.3 views

CVE-2026-35055 XenForo Cross-Site Scripting via Lightbox in Posts

XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting XSS related to lightbox usage in posts. An attacker can inject malicious scripts that execute when users interact with post content displayed in the lightbox...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References2
CVE
CVE
added 2026/04/01 12:30 a.m.14 views

CVE-2026-35055

XenForo is vulnerable to cross-site scripting (XSS) via lightbox usage in posts in versions before 2.3.9 and before 2.2.18. An attacker can inject scripts that execute when users interact with post content displayed in the lightbox. The issue is reported across multiple sources (including CVE-202...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/01 12:30 a.m.1 views

CVE-2026-35055

XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting XSS related to lightbox usage in posts. An attacker can inject malicious scripts that execute when users interact with post content displayed in the lightbox...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/01 12:30 a.m.28 views

CVE-2026-35055 XenForo Cross-Site Scripting via Lightbox in Posts

XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting XSS related to lightbox usage in posts. An attacker can inject malicious scripts that execute when users interact with post content displayed in the lightbox...

6.1CVSS0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.9 views

PT-2026-29430

XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting XSS related to lightbox usage in posts. An attacker can inject malicious scripts that execute when users interact with post content displayed in the lightbox...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/30 7:38 a.m.15 views

WordPress WP Lightbox 2 plugin < 3.0.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin WP Lightbox 2 versions 3.0.7...

4.8CVSS5.9AI score0.00189EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.3 views

CVE-2026-3347

The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the arvlbmessage parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This is due to the arvlboptionsval sanitize callback returning...

5.5CVSS6AI score0.0026EPSS
Exploits0References1
Rows per page
Query Builder