cleantalk
Vulnerabilities and Security Researches

Responsive Lightbox & Gallery, CVE-2025-15386

CVE, Research URL

CVE-2025-15386

Home page URL

Security reports for Responsive Lightbox & Gallery

Application

Responsive Lightbox & Gallery

Published on
Feb 24, 2026
Research Description
The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved.
Affected versions
max 2.6.1.
Status
vulnerable
Previous vulnerability researches
Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer (CVE-2024-3602) , Jun 21, 2024
New vulnerability
Visual Website Collaboration, Feedback & Project Management – Atarim (CVE-2026-25019) , Feb 27, 2026
Visual Website Collaboration, Feedback & Project Management – Atarim (CVE-2025-67993) , Feb 27, 2026
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress (CVE-2026-24965) , Feb 27, 2026
Nelio AB Testing (CVE-2026-25378) , Feb 27, 2026
VK All in One Expansion Unit (CVE-2025-11737) , Feb 27, 2026