cleantalk
Vulnerabilities and Security Researches

WP Colorbox, CVE-2025-49397

CVE, Research URL

CVE-2025-49397

Home page URL

Security reports for WP Colorbox

Application

WP Colorbox

Published on
Aug 20, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Colorbox Lightbox allows Stored XSS. This issue affects Colorbox Lightbox: from n/a through 1.1.5.
Affected versions
Min -, max 1.1.6.
Status
vulnerable
Previous vulnerability researches
Cookies and Content Security Policy (CVE-2025-51529) , Aug 20, 2025
Cookies and Content Security Policy (CVE-2023-40662) , Jun 07, 2024
New vulnerability
Simple Login Log (CVE-2025-49438) , Aug 23, 2025
SensorPress (CVE-2025-49409) , Aug 23, 2025
Notice Bar (CVE-2025-49389) , Aug 23, 2025
Testimonial (CVE-2025-49410) , Aug 23, 2025
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) (CVE-2025-8607) , Aug 23, 2025