VYPR

Responsive Lightbox & Gallery

by WordPress

CVEs (6)

  • CVE-2025-15386HigFeb 24, 2026
    risk 0.57cvss 8.8epss 0.00

    The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved.

  • CVE-2025-3742MedMay 15, 2025
    risk 0.44cvss 6.8epss 0.00

    The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

  • CVE-2024-6870MedAug 22, 2024
    risk 0.42cvss 6.4epss 0.00

    The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping affecting the rl_upload_image AJAX endpoint. This makes it…

  • CVE-2023-49174MedDec 15, 2023
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5.

  • CVE-2025-5093MedJun 27, 2025
    risk 0.35cvss 5.4epss 0.00

    The Responsive Lightbox & Gallery WordPress plugin before 2.5.2 use the Swipebox library which does not validate and escape title attributes before outputting them back in a page/post where used, which could allow users with the contributor role and above to perform Stored…

  • CVE-2024-4091LowMay 15, 2025
    risk 0.23cvss 3.5epss 0.00

    The Responsive Gallery Grid WordPress plugin before 2.3.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed