cleantalk
Vulnerabilities and Security Researches

Lightbox & Modal Popup WordPress Plugin – FooBox, CVE-2025-5537

CVE, Research URL

CVE-2025-5537

Home page URL

Security reports for Lightbox & Modal Popup WordPress Plugin – FooBox

Application

Lightbox & Modal Popup WordPress Plugin – FooBox

Published on
Jul 08, 2025
Research Description
The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alternative texts in all versions up to, and including, 2.7.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.7.35.
Status
vulnerable
Previous vulnerability researches
Easy Stripe (CVE-2025-49302) , Jul 08, 2025
New vulnerability
Lightbox & Modal Popup WordPress Plugin – FooBox (CVE-2025-5537) , Jul 09, 2025
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2025-6244) , Jul 09, 2025
AI Engine (CVE-2025-5570) , Jul 09, 2025
Guest Support – Complete customer support ticket system for WordPress (CVE-2025-5957) , Jul 08, 2025
Contact Form 7 reCAPTCHA (CVE-2025-23972) , Jul 08, 2025