The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-08-09T12:35:45

Updated: 2024-08-06T03:38:56.525Z

Reserved: 2019-08-09T00:00:00

Link: CVE-2016-10865

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2019-08-09T13:15:11.573

Modified: 2019-08-15T13:26:25.280

Link: CVE-2016-10865

cve-icon Redhat

No data.