Lightbox
1 CVEs
product
Monthly
The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress
XSS
Lightbox
PHP
NVD
WPScan
CVSS 3.1
6.8
EPSS
0.3%
EPSS 0%
CVSS 6.8
MEDIUM
POC
This Week
The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress
XSS
Lightbox
+1
NVD
WPScan