CVE-2026-1430

| EUVD-2026-16122 MEDIUM
2026-03-26 WPScan
4.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
PoC Detected
Mar 26, 2026 - 15:13 vuln.today
Public exploit code
EUVD ID Assigned
Mar 26, 2026 - 06:30 euvd
EUVD-2026-16122
Analysis Generated
Mar 26, 2026 - 06:30 vuln.today
CVE Published
Mar 26, 2026 - 06:00 nvd
MEDIUM 4.8

Tags

WordPress XSS

Description

The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Analysis

WP Lightbox 2 WordPress plugin before version 3.0.7 contains a Stored Cross-Site Scripting (XSS) vulnerability in its settings due to insufficient input sanitization and output escaping. High-privilege users, particularly administrators, can inject malicious JavaScript that persists in the database and executes in the browsers of other users, even in multisite installations where the unfiltered_html capability is restricted. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

44
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +24
POC: +20

Share

CVE-2026-1430 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy