Lucene search
K
DfactoryResponsive Lightbox*

5 matches found

CVE
CVE
added 2024/10/23 7:30 a.m.59 views

CVE-2024-43924

CVE-2024-43924 concerns a Missing Authorization vulnerability in the WordPress plugin dFactory Responsive Lightbox, affecting versions from n/a to 2.4.7 and allowing access to functionality not properly constrained by ACLs. The issue is described as a Missing Authorization vulnerability with high...

9.8CVSS6.4AI score0.0052EPSS
CVE
CVE
added 2024/08/22 9:29 a.m.55 views

CVE-2024-6870

The CVE-2024-6870 entry concerns the WordPress plugin Responsive Lightbox & Gallery. A stored XSS exists via file uploads in all versions up to 2.4.7, due to insufficient input sanitization and output escaping in the rl_upload_image AJAX endpoint. Authenticated attackers with Author-level access ...

6.4CVSS5.9AI score0.00313EPSS
CVE
CVE
added 2023/12/15 2:14 p.m.51 views

CVE-2023-49174

CVE-2023-49174 concerns the WordPress plugin Responsive Lightbox & Gallery (dFactory) and is a cross-site scripting (XSS) vulnerability caused by improper input neutralization during web page generation. The issue is a Stored XSS affecting plugin versions 2.4.5 and earlier. Public sources explici...

5.9CVSS6.7AI score0.00382EPSS
CVE
CVE
added 2025/05/15 6:0 a.m.50 views

CVE-2025-3742

CVE-2025-3742 affects the WordPress plugin “Responsive Lightbox & Gallery” (pre-2.5.1). The root cause is unvalidated/escaped attributes being output in pages/posts, enabling Stored Cross-Site Scripting for users with the contributor role and above. Impact is stored XSS in affected content, with ...

6.8CVSS5.7AI score0.00479EPSS
CVE
CVE
added 2025/06/27 6:0 a.m.26 views

CVE-2025-5093

The CVE-2025-5093 entry concerns the WordPress plugin Responsive Lightbox & Gallery (versions prior to 2.5.2). The root cause is Swipebox failing to validate/escape title attributes before output, enabling Stored XSS in pages/posts where content is rendered. Impact is defined as Stored Cross-Site...

5.4CVSS5.9AI score0.0019EPSS