Cross-site Scripting Vulnerability in GhozyLab Gallery Lightbox Plugin
CVE-2025-57966

6.5 MEDIUM

Key Information:

Vendor: WordPress

CVE Published: 22 September 2025

What is CVE-2025-57966?

The GhozyLab Gallery Lightbox plugin for WordPress contains a stored Cross-site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. An attacker who can store a crafted payload could have arbitrary JavaScript executed in the browser of users who view the affected page, leading to unauthorized actions, data theft, and loss of user trust. Users of Gallery Lightbox versions up to 1.0.0.41 should prioritize updating the plugin to mitigate this risk.

Affected Version(s)

Gallery Lightbox <= 1.0.0.41

References

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Prissy (Patchstack Alliance)