All 3 CVE vulnerabilities found in LightPress Lightbox, with AI-generated Chinese analysis, references, and POCs.
Vendor: firelightwp
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4379 | LightPress Lightbox <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group' Shortcode Attribute CWE-79 | 6.4 | Medium | 2026-04-08 |
| CVE-2025-3649 | LightPress Lightbox < 2.3.4 - Contributor+ Stored XSS | 5.4AI | MediumAI | 2025-05-12 |
| CVE-2024-5425 | WP jQuery Lightbox <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Attribute CWE-79 | 6.4 | Medium | 2024-06-07 |
All 3 known CVE vulnerabilities affecting LightPress Lightbox with full Chinese analysis, references, and POCs where available.