
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 2
Critical: 0
High: 0
Medium: 2
Showing 1-2 of 2 records
Threat Entry Updated 2026-04-08

CVE-2026-4379 - Lightpress Lightbox Plugin

The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `group` attribute in the `[gallery]` shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the `group` attribute value without proper escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Lightpress Lightbox

CVE-2026-4379

MEDIUM CVSS 6.4 2026-04-08
Threat Entry Updated 2025-06-05

CVE-2025-3649 - Lightpress Lightbox Plugin

The LightPress Lightbox WordPress plugin before 2.3.4 does not check that download links point to valid, non-JavaScript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks.

PLUGIN Lightpress Lightbox

CVE-2025-3649

MEDIUM CVSS 6.8 2025-05-12