CVE-2026-1430

The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-45747

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Syed Balkhi WP Lightbox 2 plugin = 3.0.6.5 versions...

EUVD-2023-50036

Malicious code in bioql PyPI...

CVE-2025-3745

The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks...

CVE-2025-3745

The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks...

CVE-2025-3745

CVE-2025-3745 affects the WordPress plugin WP Lightbox 2, versions prior to 3.0.6.8. Root cause: the title attribute of links is not properly sanitized before use, enabling unauthenticated stored XSS. Impact is as described in public sources; remediation: upgrade to 3.0.6.8 or later (no exploit d...

CVE-2025-3745 WP Lightbox 2 < 3.0.6.8 - Unauthenticated Stored XSS

The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks...

CVE-2025-3745 WP Lightbox 2 < 3.0.6.8 - Unauthenticated Stored XSS

The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks...

PT-2025-27410 · WordPress · Wp Lightbox 2

Name of the Vulnerable Software and Affected Versions: WP Lightbox 2 versions prior to 3.0.6.8 Description: The issue concerns the incorrect sanitization of the title attribute in links, potentially allowing malicious users to conduct cross-site scripting XSS attacks. Recommendations: For version...

CVE-2024-6263

The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 3.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2024-6263

The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 3.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2023-45747

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Syed Balkhi WP Lightbox 2 plugin = 3.0.6.5 versions...

CVE-2023-45747 WordPress WP Lightbox 2 Plugin <= 3.0.6.5 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Syed Balkhi WP Lightbox 2 plugin = 3.0.6.5 versions...

PT-2023-29663 · WordPress · Syed Balkhi Wp Lightbox 2

Name of the Vulnerable Software and Affected Versions: Syed Balkhi WP Lightbox 2 plugin versions 3.0.6.5 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability can be exploited by an authenticated administrator. There is no information...