2 matches found
CVE-2025-3649
The CVE-2025-3649 issue affects the LightPress Lightbox WordPress plugin (versions prior to 2.3.4). It arises because download links are not validated to ensure they point to non-Javascript URLs, enabling Stored XSS by users with at least the contributor role. Impact indicators from the sources l...
CVE-2024-5425
CVE-2024-5425 affects the WP jQuery Lightbox plugin for WordPress. It allows stored XSS via the title attribute in all versions up to 1.5.4 due to insufficient input sanitization and output escaping. Exploitation requires authentication at Contributor level or higher, enabling injected scripts to...