CVE-2025-3649 | LightPress Lightbox Plugin up to 2.3.3 on WordPress Non-Javascript URL cross site scripting

Inserito da Angelo Barbosa | Mag 12, 2025 | CVE

A vulnerability, which was classified as problematic, has been found in LightPress Lightbox Plugin up to 2.3.3 on WordPress. This issue affects some unknown processing of the component Non-Javascript URL Handler. The manipulation leads to cross site scripting.

The identification of this vulnerability is CVE-2025-3649. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-3649 | LightPress Lightbox Plugin up to 2.3.3 on WordPress Non-Javascript URL cross site scripting

Post correlati

CVE-2023-6311 | SourceCodester Loan Management System 1.0 Loan Type Page delete_ltype.php delete_ltype ltype_id sql injection

CVE-2024-8479 | Simple Spoiler Plugin 1.2/1.3 on WordPress Shortcode Remote Code Execution

CVE-2024-8222 | SourceCodester Music Gallery Site 1.0 id sql injection

CVE-2024-4970 | Widget Bundle Plugin up to 2.0.0 on WordPress Setting cross site scripting