The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does not properly handle HTML tag attributes modifications, potentially allowing unauthenticated attackers to abuse the functionality to include event handlers and conduct Stored XSS attacks.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 06 Oct 2025 06:15:00 +0000

Type Values Removed Values Added
Description The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does not properly handle HTML tag attributes modifications, potentially allowing unauthenticated attackers to abuse the functionality to include event handlers and conduct Stored XSS attacks.
Title Responsive Lightbox & Gallery < 2.5.3 - Unauthenticated Stored-XSS via Comments
References

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2025-10-06T06:00:06.607Z

Reserved: 2025-08-29T18:48:14.022Z

Link: CVE-2025-9710

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-10-06T06:15:37.467

Modified: 2025-10-06T06:15:37.467

Link: CVE-2025-9710

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.