CVE-2026-2479
MEDIUMCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Lifecycle Timeline
2Description
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of `strpos()` for substring-based hostname validation instead of strict host comparison in the `ajax_upload_image()` function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services.
Analysis
Authenticated WordPress users with Author-level or higher privileges can exploit a Server-Side Request Forgery vulnerability in the Responsive Lightbox & Gallery plugin (versions up to 2.7.1) due to improper hostname validation in the image upload function. This allows attackers to send arbitrary web requests from the vulnerable server to internal services, potentially exposing or modifying sensitive information within the network. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems running for WordPress is vulnerable to Server-Side Request Forgery i and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today