cleantalk
Vulnerabilities and Security Researches

Lunar – Sell photos online, CVE-2025-28936

CVE, Research URL

CVE-2025-28936

Home page URL

Security reports for Lunar – Sell photos online

Application

Lunar – Sell photos online

Published on
Mar 12, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sakurapixel Lunar allows Stored XSS. This issue affects Lunar: from n/a through 1.3.0.
Affected versions
Min -, max 1.3.0.
Status
vulnerable
Previous vulnerability researches
JSM Screenshot Machine Shortcode (CVE-2024-13385) , Jan 19, 2025
New vulnerability
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-2104) , Mar 14, 2025
WP Last Modified (CVE-2025-28907) , Mar 13, 2025
Lunar – Sell photos online (CVE-2025-28936) , Mar 13, 2025
Skrill Official (CVE-2025-28876) , Mar 13, 2025
WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins (CVE-2025-2250) , Mar 13, 2025