Lightpress: >> Lightbox >> 2.3.1 Security Vulnerabilities
The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks.
CVSS Score
6.8
EPSS Score
0.001
Published
2025-05-12