CVE-2025-3597
CVE-2025-3597 affects the Firelight Lightbox WordPress plugin for versions prior to 2.3.15. The vulnerability lets users with post-writing capabilities execute arbitrary JavaScript when the jQuery Metadata library is enabled, a feature intended for Pro but which can be activated in the free versi...
CVE-2024-50460
CVE-2024-50460 describes a Stored XSS in the Firelight Lightbox WordPress plugin (≤ 2.3.3). The vulnerability arises from improper neutralization of input during web page generation, enabling attacker-supplied input to be stored and served to users. Public references cite CVSS scores around 4.8–5...
CVE-2025-5035
CVE-2025-5035 concerns the WordPress plugin Firelight Lightbox. Public records show it could allow stored XSS by outputting unescaped title attributes, affecting users with as little as Contributor privileges. Public data confirms the issue existed in Firelight Lightbox versions prior to 2.3.16 a...