Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2
Critical0
High0
Medium2
Reset
Showing 1-2 of 2 records
Threat Entry Updated 2025-07-01

CVE-2025-5035 - Firelight Lightbox Plugin

The Firelight Lightbox WordPress plugin before 2.3.16 does not sanitise and escape title attributes before outputting them in the page, which could allow users with a role as low as contributors to perform stored Cross-Site Scripting attacks.

PLUGIN Firelight Lightbox

CVE-2025-5035

MEDIUM CVSS 5.4 2025-06-27
Open Full Technical Breakdown
Threat Entry Updated 2025-06-05

CVE-2025-3597 - Firelight Lightbox Plugin

The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary Javascript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free version too, making it theoretically exploitable there as well.

PLUGIN Firelight Lightbox

CVE-2025-3597

MEDIUM CVSS 5.9 2025-05-12
Open Full Technical Breakdown
Scroll to top