- EPSS 0.03%
- Published 25.02.2026 08:25:30
- Last modified 25.02.2026 14:15:29
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of `strpos()` for substring-based hostname validation instead of strict host compa...
CVE-2025-12359
- EPSS 0.05%
- Published 19.11.2025 05:45:14
- Last modified 19.11.2025 19:14:59
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'get_image_size_by_url' function. This is due to insufficient validation of user-supplied URLs whe...
CVE-2024-5667
- EPSS 0.12%
- Published 05.03.2025 10:15:18
- Last modified 05.03.2025 10:15:18
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Featherlight.js JavaScript library (versions 1.7.13 to 1.7.14) in various versions due to insufficient input sanitization and output escaping on use...
CVE-2024-5020
- EPSS 0.25%
- Published 04.12.2024 09:15:04
- Last modified 04.12.2024 09:15:04
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplie...
CVE-2024-31252
- EPSS 0.41%
- Published 09.06.2024 12:15:10
- Last modified 26.11.2024 16:03:54
Missing Authorization vulnerability in dFactory Responsive Lightbox. This issue affects Responsive Lightbox: from n/a through 2.4.6.