CVE-2026-4379

The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...

CVE-2026-4379

The CVE-2026-4379 entry describes a Stored Cross-Site Scripting vulnerability in the LightPress Lightbox WordPress plugin, affecting all versions up to 2.3.4. The issue arises from how the plugin appends the group attribute to the [gallery] shortcode output without proper escaping, enabling authe...

CVE-2026-4379 LightPress Lightbox <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group' Shortcode Attribute

The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...

PT-2026-31073

The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...

WordPress plugin LightPress Lightbox 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress LightPress Lightbox plugin <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'group' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP jQuery Lightbox versions = 2.3.4...

EUVD-2025-14272

Malicious code in bioql PyPI...

CVE-2025-3649

The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks...

CVE-2025-3649

The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks...

CVE-2025-3649 LightPress Lightbox < 2.3.4 - Contributor+ Stored XSS

The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks...

CVE-2025-3649 LightPress Lightbox < 2.3.4 - Contributor+ Stored XSS

The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks...

PT-2025-20682 · WordPress · Lightpress Lightbox

Name of the Vulnerable Software and Affected Versions: LightPress Lightbox plugin for WordPress versions prior to 2.3.4 Description: The issue allows users with at least the contributor role to conduct Stored XSS attacks due to the plugin not checking if download links point to valid,...

WordPress plugin LightPress Lightbox 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...