Stored Cross-Site Scripting Vulnerability in Firelight Lightbox by FirelightWP
CVE-2025-52707

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Firelight Lightbox
Vendor: CVE Published:; 20 June 2025

What is CVE-2025-52707?

The Firelight Lightbox plugin for WordPress contains a vulnerability that allows for Stored Cross-Site Scripting (XSS) attacks due to improper handling of user input in web page generation. This exploit can lead to malicious code execution on user browsers if the site processes unfiltered input. Affected versions include all versions prior to 2.3.16, leaving users at risk of data theft and site compromise.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Firelight Lightbox <= 2.3.16

References

https://patchstack.com/database/wordpress/plugin/easy-fan...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 20, 2025
Vulnerability Reserved
Jun 19, 2025

Credit

Prissy (Patchstack Alliance)

JSON

WordPress