Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Responsive_lightbox
(Dfactory)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 6 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-06-27 | CVE-2025-5093 | The Responsive Lightbox & Gallery WordPress plugin before 2.5.2 use the Swipebox library which does not validate and escape title attributes before outputting them back in a page/post where used, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | Responsive_lightbox | N/A | ||
| 2025-05-15 | CVE-2025-3742 | The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | Responsive_lightbox | N/A | ||
| 2023-12-15 | CVE-2023-49174 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5. | Responsive_lightbox | 5.4 | ||
| 2024-10-23 | CVE-2024-43924 | Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Lightbox: from n/a through 2.4.7. | Responsive_lightbox | 9.8 | ||
| 2024-08-22 | CVE-2024-6870 | The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping affecting the rl_upload_image AJAX endpoint. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the 3gp2 file. | Responsive_lightbox | 5.4 | ||
| 2017-07-07 | CVE-2017-2243 | Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | Responsive_lightbox | 6.1 |