CVE-2024-5878 – WordPress SimpleLightbox Stored Cross-Site Scripting Vulnerability

May 20, 2025

CVE ID : CVE-2024-5878

Published : May 20, 2025, 8:15 a.m. | 20 minutes ago

Description : Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin’s bundled SimpleLightbox JavaScript library (version 2.1.5) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2929 – “WordPress Order Delivery Date Reflected Cross-Site Scripting”

Next Article Rilasciato Niri 25.05: Il Compositore Wayland si Rinnova con la Panoramica degli Spazi di Lavoro

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

GPT-5 should have a higher “degree of scientific certainty” than the current ChatGPT — but with less model switching

Elon Musk’s Grok 3 AI coming to Azure proves Satya Nadella’s allegiance isn’t to OpenAI, but to maximizing Microsoft’s profit gains by heeding consumer demands

One of the most promising open-world RPGs in years is releasing next week on Xbox and PC

NVIDIA’s latest driver fixes some big issues with DOOM: The Dark Ages

Community News: Latest PECL Releases (05.20.2025)

Community News: Latest PECL Releases (05.20.2025)

Getting Started with Personalization in Sitecore XM Cloud: Enable, Extend, and Execute

Universal Design and Global Accessibility Awareness Day (GAAD)

GPT-5 should have a higher “degree of scientific certainty” than the current ChatGPT — but with less model switching

GPT-5 should have a higher “degree of scientific certainty” than the current ChatGPT — but with less model switching

Elon Musk’s Grok 3 AI coming to Azure proves Satya Nadella’s allegiance isn’t to OpenAI, but to maximizing Microsoft’s profit gains by heeding consumer demands

One of the most promising open-world RPGs in years is releasing next week on Xbox and PC

CVE-2024-5878 – WordPress SimpleLightbox Stored Cross-Site Scripting Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-30193 – DNSdist TCP Stack Exhaustion Denial of Service Vulnerability

TypeScript vs JavaScript: Which One to Choose in 2025?

matrix-commander – simple CLI-based Matrix client

The best record players of 2024: Expert tested and reviewed

Cohere AI Releases Aya23 Models: Transformative Multilingual NLP with 8B and 35B Parameter Models

Codrops The Collective

Hackers Exploit MS Equation Editor Vulnerability to Deploy XLoader Malware

Productivity and patience: How GitHub Copilot is expanding development horizons

The St. Louis Business Journal Recognizes Perficient with 2024 Innovation in HR Award

CVE-2024-5878 – WordPress SimpleLightbox Stored Cross-Site Scripting Vulnerability

Related Posts