exploitDog

GHSA-f7g9-mhw7-w4wj

Опубликовано: 12 мая 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6.8

Описание

The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks.

The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks.

Ссылки

EPSS

Процентиль: 30%

0.0011

Низкий

6.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-3649

CVSS3: 6.8

nvd

9 месяцев назад

The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks.

EPSS

Процентиль: 30%

0.0011

Низкий

6.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79