Lucene search
K

109 matches found

NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-56041

Unauthenticated Cross Site Scripting XSS in Responsive Lightbox = 2.7.6 versions...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.34 views

CVE-2026-56041 WordPress Responsive Lightbox plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Responsive Lightbox = 2.7.6 versions...

7.1CVSS0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.6 views

EUVD-2026-39703

Unauthenticated Cross Site Scripting XSS in Responsive Lightbox = 2.7.6 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.14 views

CVE-2026-56041

Summary: CVE-2026-56041 describes an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress plugin “Responsive Lightbox” up to version 2.7.6. The incident is classified with CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating a network-vector XSS that requires user intera...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52756

Name of the Vulnerable Software and Affected Versions Responsive Lightbox versions prior to 2.7.7 Description An unauthenticated Cross Site Scripting XSS issue exists, which allows an attacker to execute malicious scripts in the browser of a user by injecting code into a web page. Recommendations...

7.1CVSS5.9AI score0.0018EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/24 3:2 p.m.4 views

WordPress Responsive Lightbox plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Responsive Lightbox versions = 2.7.6...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/26 7:21 a.m.10 views

WordPress Responsive Lightbox & Gallery plugin < 2.6.1 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Responsive Lightbox versions 2.6.1...

8.8CVSS5.3AI score0.00261EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/25 10:16 a.m.11 views

CVE-2025-15386

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...

8.8CVSS5.4AI score0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/02/25 9:16 a.m.4 views

CVE-2026-2479

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of strpos for substring-based hostname validation instead of strict host comparison in the ajaxuploadimage function. This makes i...

5CVSS0.00234EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/25 8:25 a.m.26 views

CVE-2026-2479 Responsive Lightbox & Gallery <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of strpos for substring-based hostname validation instead of strict host comparison in the ajaxuploadimage function. This makes i...

5CVSS0.00234EPSS
Exploits0References5
CVE
CVE
added 2026/02/25 8:25 a.m.23 views

CVE-2026-2479

CVE-2026-2479 affects the WordPress plugin Responsive Lightbox & Gallery (versions ≤ 2.7.1). The SSRF flaw arises from using substring-based hostname validation via strpos in ajax_upload_image(), allowing an authenticated attacker with Author-level access to trigger web requests from the applicat...

5CVSS5.5AI score0.00234EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.9 views

WordPress plugin Responsive Lightbox & Gallery 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5CVSS5.9AI score0.00234EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/02/24 11:14 p.m.6 views

WordPress Responsive Lightbox & Gallery plugin <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload vulnerability

Authenticated Author+ Server-Side Request Forgery via Remote Library Image Upload vulnerability discovered by lucsob in WordPress Plugin Responsive Lightbox versions = 2.7.1...

5CVSS5.4AI score0.00234EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/24 6:16 a.m.12 views

CVE-2025-15386

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...

8.8CVSS0.00261EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/24 6:0 a.m.8 views

EUVD-2025-207548

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...

8.8CVSS5.4AI score0.00261EPSS
Exploits0References1
CVE
CVE
added 2026/02/24 6:0 a.m.26 views

CVE-2025-15386

The CVE describes an Unauthenticated Stored XSS in the WordPress plugin “Responsive Lightbox & Gallery”

8.8CVSS5.4AI score0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/24 6:0 a.m.6 views

CVE-2025-15386 Responsive Lightbox & Gallery < 2.6.1 - Unauthenticated Stored XSS

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...

5.3AI score0.00261EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/24 6:0 a.m.6 views

CVE-2025-15386

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...

5.4AI score0.00261EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/24 6:0 a.m.31 views

CVE-2025-15386 Responsive Lightbox & Gallery < 2.6.1 - Unauthenticated Stored XSS

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...

0.00261EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.8 views

WordPress plugin Responsive Lightbox & Gallery 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.7AI score0.00261EPSS
Exploits0References1
Rows per page
Query Builder