VYPR

Responsive Lightbox

by WordPress

CVEs (8)

  • CVE-2025-9710 | Med | Oct 6, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does not properly handle modifications to HTML tag attributes, potentially allowing unauthenticated attackers to abuse the functionality to include event handlers and conduct Stored XSS attacks.

  • CVE-2017-2243 | Med | Jul 7, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2024-49282 | Med | Oct 17, 2024
    risk 0.38 | cvss 5.9 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox (responsive-lightbox) allows Stored XSS. This issue affects Responsive Lightbox: from n/a through <= 2.4.8.

  • CVE-2025-12359 | Med | Nov 19, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'get_image_size_by_url' function. This is due to insufficient validation of user-supplied URLs when determining image…

  • CVE-2024-5667 | Med | Mar 5, 2025
    risk 0.35 | cvss 6.4 | epss 0.00

    Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Featherlight.js JavaScript library (versions 1.7.13 to 1.7.14) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This…

  • CVE-2026-2479 | Med | Feb 25, 2026
    risk 0.26 | cvss 5.0 | epss 0.00

    The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of `strpos()` for substring-based hostname validation instead of strict host comparison in the…

  • CVE-2025-5093 | Jun 27, 2025
    risk 0.00 | cvss | epss 0.00

    The Responsive Lightbox & Gallery WordPress plugin before 2.5.2 uses the Swipebox library, which does not validate and escape title attributes before outputting them back in a page/post where used, which could allow users with the contributor role and above to perform Stored…

  • CVE-2025-3742 | May 15, 2025
    risk 0.00 | cvss | epss 0.00

    The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.