VYPR

Lightpress Lightbox

by WordPress

CVEs (1)

  • CVE-2025-3649MedMay 12, 2025
    risk 0.44cvss 6.8epss 0.00

    The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks.