Vulnerability Details CVE-2016-10865
The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://wordpress.org/plugins/lightbox-plus/#developers
- https://www.pluginvulnerabilities.com/2016/04/05/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-lightbox-plus-colorbox/
- https://wordpress.org/plugins/lightbox-plus/#developers
- https://www.pluginvulnerabilities.com/2016/04/05/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-lightbox-plus-colorbox/
Products affected by CVE-2016-10865
-
cpe:2.3:a:23systems:lightbox_plus_colorbox:-
-
cpe:2.3:a:23systems:lightbox_plus_colorbox:2.7.2