CVE-2025-5035 Information

Jun 28, 2025 cve

Description

The Firelight Lightbox WordPress plugin before 2.3.16 does not sanitise and escape title attributes before outputting them in the page which could allow users with a role as low as contributors to perform stored Cross-Site Scripting attacks.

Reference

https://wpscan.com/vulnerability/5dca30af-4624-4a71-93be-00fa8dc00c97/ https://wpscan.com/vulnerability/5dca30af-4624-4a71-93be-00fa8dc00c97/

CNNVD-202506-3412 (Published: 2025-06-27)

Share on:

CVE-2025-5035 Information

Description

Reference

Related CNNVD