6 matches found
CVE-2024-43924
CVE-2024-43924 concerns a Missing Authorization vulnerability in the WordPress plugin dFactory Responsive Lightbox, affecting versions up to 2.4.7 (lower bound not specified) and allowing access to functionality not properly constrained by ACLs. The issue is described as a Missing Authorization vulnerability with high...
CVE-2024-6870
The CVE-2024-6870 entry concerns the WordPress plugin Responsive Lightbox & Gallery. A stored XSS exists via file uploads in all versions up to 2.4.7, due to insufficient input sanitization and output escaping in the rl_upload_image AJAX endpoint. Authenticated attackers with Author-level access ...
CVE-2023-49174
CVE-2023-49174 concerns the WordPress plugin Responsive Lightbox & Gallery (dFactory) and is a cross-site scripting (XSS) vulnerability caused by improper input neutralization during web page generation. The issue is a Stored XSS affecting plugin versions 2.4.5 and earlier. Public sources explici...
CVE-2025-3742
CVE-2025-3742 affects the WordPress plugin “Responsive Lightbox & Gallery” (versions before 2.5.1). The root cause is attributes being output in pages/posts without validation or escaping, enabling Stored Cross-Site Scripting for users with the contributor role and above. Impact is stored XSS in affected content, with ...
CVE-2017-2243
CVE-2017-2243 affects the WordPress plugin Responsive Lightbox (dFactory). The vulnerability is a cross-site scripting flaw in versions before 1.7.2, described as a reflected XSS (CWE-79) with the ability to inject arbitrary script/HTML via unspecified vectors. Multiple sources (NVD, JVN/JVND, CV...
CVE-2025-5093
The CVE-2025-5093 entry concerns the WordPress plugin Responsive Lightbox & Gallery (versions prior to 2.5.2). The root cause is Swipebox failing to validate/escape title attributes before output, enabling Stored XSS in pages/posts where content is rendered. Impact is defined as Stored Cross-Site...