Stored Cross-Site Scripting Vulnerability in Firelight Lightbox by FirelightWP
CVE-2025-52707
6.5MEDIUM
What is CVE-2025-52707?
The Firelight Lightbox plugin for WordPress contains a vulnerability that allows for Stored Cross-Site Scripting (XSS) attacks due to improper handling of user input in web page generation. This exploit can lead to malicious code execution on user browsers if the site processes unfiltered input. Affected versions include all versions prior to 2.3.16, leaving users at risk of data theft and site compromise.
Affected Version(s)
Firelight Lightbox <= 2.3.16