cleantalk
Vulnerabilities and Security Researches

Easy FancyBox – WordPress Lightbox Plugin, CVE-2025-5035

CVE, Research URL

CVE-2025-5035

Home page URL

Security reports for Easy FancyBox – WordPress Lightbox Plugin

Application

Easy FancyBox – WordPress Lightbox Plugin

Published on
Jun 27, 2025
Research Description
The Firelight Lightbox WordPress plugin before 2.3.16 does not sanitise and escape title attributes before outputting them in the page, which could allow users with a role as low as contributors to perform stored Cross-Site Scripting attacks.
Affected versions
max 2.3.16.
Status
vulnerable
Previous vulnerability researches
Elementor Header & Footer Builder (CVE-2025-9703) , Apr 26, 2026
Elementor Header & Footer Builder (CVE-2024-11230) , Dec 24, 2024
Elementor Header & Footer Builder (CVE-2024-10325) , Nov 09, 2024
Elementor Header & Footer Builder (CVE-2024-10050) , Oct 25, 2024
Elementor Header & Footer Builder (CVE-2025-60448) , Dec 10, 2025
New vulnerability
Link Whisper Free (CVE-2026-1900) , Apr 27, 2026
Easy FancyBox – WordPress Lightbox Plugin (CVE-2025-5035) , Apr 26, 2026
Elementor Header & Footer Builder (CVE-2025-9703) , Apr 26, 2026
Event Tickets Manager for WooCommerce – Events and Bookings Calendar, Registration, Event Check-in Using Emails, Edit Your T (CVE-2026-34898) , Apr 26, 2026
Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking (CVE-2024-8860) , Apr 26, 2026