cleantalk
Vulnerabilities and Security Researches

Easy FancyBox – WordPress Lightbox Plugin, CVE-2025-52707

CVE, Research URL

CVE-2025-52707

Home page URL

Security reports for Easy FancyBox – WordPress Lightbox Plugin

Application

Easy FancyBox – WordPress Lightbox Plugin

Published on
Jun 20, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FirelightWP Firelight Lightbox allows Stored XSS. This issue affects Firelight Lightbox: from n/a through 2.3.16.
Affected versions
Min -, max 2.3.17.
Status
vulnerable
Previous vulnerability researches
Disable Bloat for WordPress & WooCommerce (da056b4785dd3a16c372e107c4df80bdedde5b0c) , Jun 07, 2024
New vulnerability
WP SoundSystem (CVE-2025-6258) , Jun 30, 2025
Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes (CVE-2025-49973) , Jun 30, 2025
Post Carousel Slider for Elementor (CVE-2025-3863) , Jun 30, 2025
WP User Stylesheet Switcher (CVE-2025-52792) , Jun 30, 2025
Easy FancyBox – WordPress Lightbox Plugin (CVE-2025-52707) , Jun 30, 2025