CVE-2025-3597 – Firelight Lightbox WordPress Plugin Cross-Site Scripting Vulnerability

May 12, 2025

CVE ID : CVE-2025-3597

Published : May 12, 2025, 6:15 a.m. | 2 hours, 17 minutes ago

Description : The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary Javascript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free version too, making it theoretically exploitable there as well.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4559 – Netvision ISOinsight SQL Injection

Next Article CVE-2025-4558 – WormHole Tech GPM Unauthenticated Password Change Vulnerability

tRPC vs GraphQL vs REST: Choosing the right API design for modern web applications

Jakarta EE 11 Platform launches with modernized Test Compatibility Kit framework

Can Good UX Protect Older Users From Digital Scams?

Warp 2.0 evolves terminal experience into an Agentic Development Environment

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

OpenAI started as a “countervailing force” to Google — did Elon Musk and Sam Altman torpedo DeepMind’s plans to dictate AGI?

Gears of War: Reloaded preorders — where to buy and everything you need to know

OpenAI’s Sam Altman breaks silence on Microsoft feud with Satya Nadella — citing “points of tension” amid evolution plans

Are Semantic Layers Sexy Again? or The Rise and Fall and Rise of Semantic Layers

Are Semantic Layers Sexy Again? or The Rise and Fall and Rise of Semantic Layers

Salesforce Marketing Cloud Engagement vs. Oracle Eloqua

Exploring Lucidworks Fusion and Coveo Using Apache Solr

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

OpenAI started as a “countervailing force” to Google — did Elon Musk and Sam Altman torpedo DeepMind’s plans to dictate AGI?

Gears of War: Reloaded preorders — where to buy and everything you need to know

CVE-2025-3597 – Firelight Lightbox WordPress Plugin Cross-Site Scripting Vulnerability

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

Apple Overhauls EU App Store Policy: New Fees & Open External Purchases After €500M Fine

Canada says Salt Typhoon hacked telecom firm via Cisco flaw

Hackers hit deportation airline GlobalX, leak flight manifests, and leave an unsubtle message for “Donnie” Trump

Google’s Agent2Agent protocol finds new home at the Linux Foundation

How to Deploy Laravel Projects to Live Server: The Ultimate Guide

CVE-2025-4559 – Netvision ISOinsight SQL Injection

CVE-2025-41653 – Citrix Web Server Denial of Service

Rilasciato Darktable 5.2: l’editor di immagini RAW open-source con nuove funzionalità

CVE-2025-48753 – “Anode SpinLock Data Race Vulnerability”

CVE-2025-3597 – Firelight Lightbox WordPress Plugin Cross-Site Scripting Vulnerability

Related Posts