cleantalk
Vulnerabilities and Security Researches

Responsive Lightbox & Gallery, CVE-2025-60452

CVE, Research URL

CVE-2025-60452

Home page URL

Security reports for Responsive Lightbox & Gallery

Application

Responsive Lightbox & Gallery

Published on
Oct 03, 2025
Research Description
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\download_admin.class.php component. The vulnerability allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed by users.
Affected versions
max 2.5.3.
Status
vulnerable
Previous vulnerability researches
Magento 2 WordPress Integration (CVE-2025-58669) , Oct 11, 2025
New vulnerability
WP Landing Page (CVE-2025-13629) , Dec 10, 2025
Realty Portal (CVE-2025-11985) , Dec 10, 2025
YouTube Subscribe (CVE-2025-12025) , Dec 10, 2025
Beaver Builder – WordPress Page Builder (CVE-2025-12782) , Dec 10, 2025
Beaver Builder – WordPress Page Builder (CVE-2025-11726) , Dec 10, 2025