CVE-2025-5093
- EPSS 0.03%
- Published 27.06.2025 06:15:26
- Last modified 01.07.2025 17:42:09
The Responsive Lightbox & Gallery WordPress plugin before 2.5.2 uses the Swipebox library which does not validate and escape title attributes before outputting them back in a page/post where used, which could allow users with the contributor role and ...
CVE-2025-3742
- EPSS 0.12%
- Published 15.05.2025 06:00:02
- Last modified 04.06.2025 16:25:29
The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site S...
CVE-2024-5667
- EPSS 0.12%
- Published 05.03.2025 10:15:18
- Last modified 05.03.2025 10:15:18
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Featherlight.js JavaScript library (versions 1.7.13 to 1.7.14) in various versions due to insufficient input sanitization and output escaping on use...
CVE-2024-5020
- EPSS 0.25%
- Published 04.12.2024 09:15:04
- Last modified 04.12.2024 09:15:04
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplie...
CVE-2024-43924
- EPSS 0.27%
- Published 23.10.2024 08:15:03
- Last modified 06.11.2024 17:03:52
Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Responsive Lightbox: from n/a through 2.4.7.
CVE-2024-49282
- EPSS 0.12%
- Published 17.10.2024 20:15:11
- Last modified 18.10.2024 12:52:33
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in dFactory Responsive Lightbox allows Stored XSS. This issue affects Responsive Lightbox: from n/a through 2.4.8.
CVE-2024-6870
- EPSS 0.25%
- Published 22.08.2024 10:15:05
- Last modified 27.09.2024 00:52:03
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping affecting the rl_upload_image ...
CVE-2023-49174
- EPSS 0.12%
- Published 15.12.2023 15:15:08
- Last modified 21.11.2024 08:32:58
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS. This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5.
CVE-2017-2243
- EPSS 0.45%
- Published 07.07.2017 13:29:01
- Last modified 20.04.2025 01:37:25
Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.