Vulnerability in Firelightwp Firelight_lightbox
CVE-2025-3597
The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary JavaScript when the jQuery Metadata library is enabled. While this feature is meant to only be available t…
EPSS: 0.003 (18.5th percentile)
CVSS v3 metric
CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L.
Affected products
- Firelightwp Firelight_lightbox
- Unknown Firelight Lightbox — versions 0
References
- contact@wpscan.com (Exploit, technical-description, Third Party Advisory, exploit, vdb-entry)
Frequently asked questions
- What is CVE-2025-3597?
  - CVE-2025-3597 is a medium-severity vulnerability in Firelightwp Firelight_lightbox, classified under CWE-79, Cross-Site Scripting (XSS). CVSS score: 5.9/10. Published 2025-05-12.
- How severe is CVE-2025-3597?
  - Medium severity. CVSS v3 base score is 5.9 out of 10.