CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Firelightwp: >> Firelight Lightbox >> 2.3.15 Security Vulnerabilities

CVE-2025-5035

The Firelight Lightbox WordPress plugin before 2.3.16 does not sanitise and escape title attributes before outputting them in the page, which could allow users with a role as low as contributors to perform stored Cross-Site Scripting attacks.

CVSS Score

5.4

EPSS Score

0.0

Published

2025-06-27

Page 1

Vulnerabilities

Vulnerable Software

Firelightwp: >> Firelight Lightbox >> 2.3.15 Security Vulnerabilities

Products

Pricing

Contact Us