Firelight Lightbox

2 CVEs product

CVE-2025-5035 MEDIUM POC PATCH This Month

The Firelight Lightbox WordPress plugin before 2.3.16 does not sanitise and escape title attributes before outputting them in the page, which could allow users with a role as low as contributors to perform stored Cross-Site Scripting attacks.

WordPress XSS Firelight Lightbox PHP
NVD WPScan
CVSS 3.1: 5.4
EPSS: 0.0%

CVE-2025-3597 MEDIUM POC This Month

The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary JavaScript when the jQuery Metadata library is enabled. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.

WordPress Information Disclosure Firelight Lightbox PHP
NVD WPScan
CVSS 3.1: 5.9
EPSS: 0.2%
