Lightpress Lightbox
2 CVEs affecting Lightpress Lightbox. Latest disclosed: 2025-05-12. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-3649 | Medium | 6.8 | 2025-05-12 | The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contr… |
CVE-2024-5425 | Medium | 6.4 | 2024-06-07 | The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4… |