cleantalk
Vulnerabilities and Security Researches

LightGallery WP, CVE-2025-5092

CVE, Research URL

CVE-2025-5092

Home page URL

Security reports for LightGallery WP

Application

LightGallery WP

Published on
Nov 20, 2025
Research Description
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library (<= 2.8.3) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.0.5.
Status
vulnerable
Previous vulnerability researches
Frontend File Manager Plugin (CVE-2025-14804) , Jan 28, 2026
Frontend File Manager Plugin (CVE-2026-25005) , Feb 28, 2026
Frontend File Manager Plugin (CVE-2025-64265) , Dec 10, 2025
Frontend File Manager Plugin (CVE-2025-13382) , Dec 10, 2025
Frontend File Manager Plugin (CVE-2025-27358) , Jul 06, 2025
New vulnerability
Breeze &#8211; WordPress Cache Plugin (CVE-2026-3844) , Apr 24, 2026
AI Engine (CVE-2025-8268) , Apr 24, 2026
Video gallery and Player (CVE-2026-6443) , Apr 24, 2026
Master Slider &#8211; Responsive Touch Slider (CVE-2025-58025) , Apr 24, 2026
Trending/Popular Post Slider and Widget (CVE-2026-6443) , Apr 24, 2026