cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for foobox-image-lightbox

Jun 06, 2024

Lightbox & Modal Popup WordPress Plugin – FooBox # 5dc69dd92e950c2b7066ae0f78c4cbcbc5dc3374

Date
Feb 28, 2022
Research Description
Lightbox & Modal Popup WordPress Plugin – FooBox [foobox-image-lightbox] < 1.0.5. WordPress FooBox Image Lightbox plugin < 2.7.17 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability. Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress FooBox Image Lightbox plugin (versions < 2.7.17).
Affected versions
Min -, max -.
Status
vulnerable

Lightbox & Modal Popup WordPress Plugin – FooBox # CVE-2024-3276

CVE, Research URL

CVE-2024-3276

Date
Jun 18, 2024
Research Description
The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28 and the foobox-image-lightbox-premium WordPress plugin before 2.7.28 do not sanitise and escape some of their settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max -.
Status
vulnerable
Jul 25, 2024

Lightbox & Modal Popup WordPress Plugin – FooBox # PSC-2024-64517

PSC, Research URL

PSC-2024-64517

Date
-
Research Description
FooBox is a lightbox plugin that was the first to fully embrace responsive design. It ensures that images not only scale beautifully on mobile devices but also rearranges button controls to suit both portrait and landscape orientations. With FooBox, adding a modal popup to your website images requires no setup, as it automatically integrates with WordPress galleries, captioned images, and attachment images.
Affected versions
Min -, max -.
Status
SAFE & CERTIFIED
Aug 09, 2024

Lightbox & Modal Popup WordPress Plugin – FooBox # CVE-2024-5668

CVE, Research URL

CVE-2024-5668

Date
Aug 08, 2024
Research Description
The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable
Nov 14, 2024

Lightbox & Modal Popup WordPress Plugin – FooBox # CVE-2022-4974

CVE, Research URL

CVE-2022-4974

Date
Oct 16, 2024
Research Description
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and _set_db_option functions in versions up to, and including, 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions
Min -, max -.
Status
vulnerable
Apr 05, 2025

Lightbox & Modal Popup WordPress Plugin – FooBox # CVE-2025-32139

CVE, Research URL

CVE-2025-32139

Date
-
Research Description
Lightbox & Modal Popup WordPress Plugin – FooBox [foobox-image-lightbox] <= 2.7.33 (unfixed) CVE-2025-32139
Affected versions
Min -, max -.
Status
vulnerable