103 matches found
WordPress Responsive Lightbox & Gallery plugin < 2.6.1 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Responsive Lightbox versions 2.6.1...
CVE-2025-15386
The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...
CVE-2026-2479
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of strpos for substring-based hostname validation instead of strict host comparison in the ajaxuploadimage function. This makes i...
CVE-2026-2479 Responsive Lightbox & Gallery <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of strpos for substring-based hostname validation instead of strict host comparison in the ajaxuploadimage function. This makes i...
CVE-2026-2479
CVE-2026-2479 affects the WordPress plugin Responsive Lightbox & Gallery (versions ≤ 2.7.1). The SSRF flaw arises from using substring-based hostname validation via strpos in ajax_upload_image(), allowing an authenticated attacker with Author-level access to trigger web requests from the applicat...
WordPress plugin Responsive Lightbox & Gallery 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress Responsive Lightbox & Gallery plugin <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload vulnerability
Authenticated Author+ Server-Side Request Forgery via Remote Library Image Upload vulnerability discovered by lucsob in WordPress Plugin Responsive Lightbox versions = 2.7.1...
CVE-2025-15386
The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...
CVE-2025-15386
The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...
CVE-2025-15386 Responsive Lightbox & Gallery < 2.6.1 - Unauthenticated Stored XSS
The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...
EUVD-2025-207548
The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...
CVE-2025-15386
The CVE describes an Unauthenticated Stored XSS in the WordPress plugin “Responsive Lightbox & Gallery”
CVE-2025-15386 Responsive Lightbox & Gallery < 2.6.1 - Unauthenticated Stored XSS
The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...
WordPress plugin Responsive Lightbox & Gallery 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Responsive Lightbox & Gallery plugin <= 2.4.7 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library vulnerability
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Responsive Lightbox versions = 2.4.7...
CVE-2025-12359
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'getimagesizebyurl' function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery items...
CVE-2025-12359 Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'getimagesizebyurl' function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery items...
CVE-2025-12359 Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'getimagesizebyurl' function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery items...
WordPress plugin Responsive Lightbox & Gallery 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
PT-2025-47429
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'get image size by url' function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery item...