cleantalk
Vulnerabilities and Security Researches

Lightbox & Modal Popup WordPress Plugin – FooBox, CVE-2024-3276

CVE, Research URL

CVE-2024-3276

Home page URL

Security reports for Lightbox & Modal Popup WordPress Plugin – FooBox

Application

Lightbox & Modal Popup WordPress Plugin – FooBox

Published on
Jun 18, 2024
Research Description
The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max 2.7.28.
Status
vulnerable
Previous vulnerability researches
Lightbox & Modal Popup WordPress Plugin – FooBox (5dc69dd92e950c2b7066ae0f78c4cbcbc5dc3374) , Jun 06, 2024
Lightbox & Modal Popup WordPress Plugin – FooBox (CVE-2024-3276) , Jun 06, 2024
Lightbox & Modal Popup WordPress Plugin – FooBox (CVE-2024-5668) , Aug 09, 2024
Lightbox & Modal Popup WordPress Plugin – FooBox , Jul 25, 2024
Lightbox & Modal Popup WordPress Plugin – FooBox (CVE-2025-32139) , Apr 05, 2025
New vulnerability
Simple WP Events (CVE-2025-2004) , Apr 09, 2025
Advanced Advertising System (CVE-2025-3433) , Apr 09, 2025
Melhor Envio (CVE-2024-13820) , Apr 09, 2025
AAWP Obfuscator (CVE-2025-3432) , Apr 09, 2025
coreActivity: Activity Logging plugin for WordPress (CVE-2025-3436) , Apr 09, 2025