CVE-2025-3597
CVE-2025-3597 affects the Firelight Lightbox WordPress plugin for versions prior to 2.3.15. The vulnerability lets users with post-writing capabilities execute arbitrary Javascript when the jQuery Metadata library is enabled, a feature intended for Pro but which can be activated in the free versi...