VYPR

Lightbox & Modal Popup WordPress Plugin

by WordPress

CVEs (3)

  • CVE-2025-5537MedJul 8, 2025
    risk 0.42cvss 6.4epss 0.00

    The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alternative texts in all versions up to, and including, 2.7.34 due to insufficient input sanitization and output escaping. This makes it possible…

  • CVE-2024-5668MedAug 8, 2024
    risk 0.35cvss 6.4epss 0.00

    The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-3276MedJun 18, 2024
    risk 0.31cvss 4.8epss 0.00

    The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…