Vulnerabilities and security researches forresponsive-lightbox responsive-lightbox
Direction: descendingMay 19, 2025
Responsive Lightbox & Gallery # CVE-2025-3742
- CVE, Research URL
- Home page URL
- Application
- Date
- May 15, 2025
- Research Description
- The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Mar 07, 2025
Responsive Lightbox & Gallery # CVE-2024-5667
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 05, 2025
- Research Description
- Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Featherlight.js JavaScript library (versions 1.7.13 to 1.7.14) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Dec 06, 2024
Responsive Lightbox & Gallery # CVE-2024-5020
- CVE, Research URL
- Home page URL
- Application
- Date
- Dec 04, 2024
- Research Description
- Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Oct 19, 2024
Responsive Lightbox & Gallery # CVE-2024-49282
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 18, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in dFactory Responsive Lightbox allows Stored XSS.This issue affects Responsive Lightbox: from n/a through 2.4.8.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Aug 29, 2024
Responsive Lightbox & Gallery # CVE-2024-43924
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 23, 2024
- Research Description
- Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Lightbox: from n/a through 2.4.7.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Aug 22, 2024
Responsive Lightbox & Gallery # CVE-2024-6870
- CVE, Research URL
- Home page URL
- Application
- Date
- Aug 22, 2024
- Research Description
- The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping affecting the rl_upload_image AJAX endpoint. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the 3gp2 file.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 07, 2024
Responsive Lightbox & Gallery # CVE-2013-6837
- CVE, Research URL
- Home page URL
- Application
- Date
- Dec 19, 2013
- Research Description
- Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Responsive Lightbox & Gallery # CVE-2017-2243
- CVE, Research URL
- Home page URL
- Application
- Date
- Jul 07, 2017
- Research Description
- Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Responsive Lightbox & Gallery # CVE-2023-49174
- CVE, Research URL
- Home page URL
- Application
- Date
- Dec 15, 2023
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Responsive Lightbox & Gallery # CVE-2024-31252
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 09, 2024
- Research Description
- Missing Authorization vulnerability in dFactory Responsive Lightbox.This issue affects Responsive Lightbox: from n/a through 2.4.6.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 06, 2024
Responsive Lightbox & Gallery # PSC-2024-29638
- PSC, Research URL
- Home page URL
- Application
- Date
- -
- Research Description
- The "Responsive Lightbox & Gallery" plugin, version 2.5.1, has achieved the prestigious Plugin Security Certification (PSC) from CleanTalk, ensuring enhanced security for all its users. This certification marks a significant milestone in the plugin’s commitment to providing a secure, robust, and user-friendly solution for creating and managing galleries and lightboxes on WordPress websites.
- Affected versions
-
Min -, max -.
- Status
-
SAFE & CERTIFIED