Dfactory Responsive Lightbox & Gallery
6 CVEs affecting Dfactory Responsive Lightbox & Gallery. Latest disclosed: 2026-02-25. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-5667 | Medium | 6.4 | 2025-03-05 | Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Featherlight.js JavaScript library (versions 1.7.13 to 1… |
CVE-2024-5020 | Medium | 6.4 | 2024-12-04 | Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in… |
CVE-2024-6870 | Medium | 6.4 | 2024-08-22 | The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4… |
CVE-2023-49174 | Medium | 5.9 | 2023-12-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS… |
CVE-2025-12359 | Medium | 5.4 | 2025-11-19 | The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'get_im… |
CVE-2026-2479 | Medium | 5.0 | 2026-02-25 | The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to… |