cleantalk
Vulnerabilities and Security Researches

Portfolio Gallery, Product Catalog – Grid KIT Portfolio, CVE-2025-5092

CVE, Research URL

CVE-2025-5092

Home page URL

Security reports for Portfolio Gallery, Product Catalog – Grid KIT Portfolio

Application

Portfolio Gallery, Product Catalog – Grid KIT Portfolio

Published on
Nov 20, 2025
Research Description
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library (<= 2.8.3) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 2.2.2.
Status
vulnerable
Previous vulnerability researches
Ghost Kit – Page Builder Blocks &amp; Extensions (CVE-2025-9992) , Apr 23, 2026
Ghost Kit – Page Builder Blocks &amp; Extensions (CVE-2025-53567) , Jul 20, 2025
New vulnerability
Popup Builder &#8211; Create highly converting, mobile friendly marketing popups. (CVE-2025-9856) , Apr 24, 2026
MaxiBlocks Free Page Builder &amp; Template Library (CVE-2025-58968) , Apr 24, 2026
POST SMTP &#8211; The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications (CVE-2025-9219) , Apr 24, 2026
Gutentor &#8211; Gutenberg Blocks &#8211; Page Builder for Gutenberg Editor (CVE-2026-2951) , Apr 24, 2026
Revive.so &#8211; Bulk Rewrite and Republish Blog Posts (CVE-2025-59551) , Apr 24, 2026