Firelight Lightbox Security Vulnerabilities and Issues — Firelight Lightbox CVE List

Lucene search

FirelightwpFirelight Lightbox

2 matches found

CVE•added 2025/06/20 3:15 p.m.•8 views

CVE-2025-52707

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FirelightWP Firelight Lightbox allows Stored XSS. This issue affects Firelight Lightbox: from n/a through 2.3.16.

6.5CVSS6.4AI score0.00039EPSS

CVE•added 2025/06/27 6:15 a.m.•7 views

CVE-2025-5035

The Firelight Lightbox WordPress plugin before 2.3.16 does not sanitise and escape title attributes before outputting them in the page, which could allow users with a role as low as contributors to perform stored Cross-Site Scripting attacks.

5.4CVSS5.9AI score0.00034EPSS