Unrated severityNVD Advisory· Published May 16, 2025· Updated May 16, 2025

Simple Lightbox < 2.9.4 - Contributor+ Stored XSS

CVE-2025-3516

Description

The Simple Lightbox WordPress plugin before 2.9.4 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/Simplelightboxcpe-rescue
Package: https://wordpress.org/plugins/simplelightbox
Simple Lightbox/Simple Lightboxllm-create
Range: <2.9.4

Patches

Vulnerability mechanics

References

wpscan.com/vulnerability/336a78cd-297b-4f47-a007-e33eac7f1dad/mitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000