CVE-2024-5878 – WordPress SimpleLightbox Stored Cross-Site Scripting Vulnerability

May 20, 2025

CVE ID : CVE-2024-5878

Published : May 20, 2025, 8:15 a.m. | 20 minutes ago

Description : Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin’s bundled SimpleLightbox JavaScript library (version 2.1.5) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2929 – “WordPress Order Delivery Date Reflected Cross-Site Scripting”

Next Article Rilasciato Niri 25.05: Il Compositore Wayland si Rinnova con la Panoramica degli Spazi di Lavoro

Stop writing tests: Automate fully with Generative AI

Opsera’s Codeglide.ai lets developers easily turn legacy APIs into MCP servers

Black Duck Security GitHub App, NuGet MCP Server preview, and more – Daily News Digest

10 Ways Node.js Development Boosts AI & Real-Time Data (2025-2026 Edition)

This new Coros watch has 3 weeks of battery life and tracks way more – even fly fishing

5 ways automation can speed up your daily workflow – and implementation is easy

This new C-suite role is more important than ever in the AI era – here’s why

iPhone users may finally be able to send encrypted texts to Android friends with iOS 26

Creating Dynamic Real-Time Features with Laravel Broadcasting

Creating Dynamic Real-Time Features with Laravel Broadcasting

Understanding Tailwind CSS Safelist: Keep Your Dynamic Classes Safe!

Sitecore’s Content SDK: Everything You Need to Know

Why GNOME Replaced Eye of GNOME with Loupe as the Default Image Viewer

Why GNOME Replaced Eye of GNOME with Loupe as the Default Image Viewer

Microsoft admits it broke “Reset this PC” in Windows 11 23H2 KB5063875, Windows 10 KB5063709

How to Fix “EA AntiCheat Has Detected an Incompatible Driver” on Windows 11?

CVE-2024-5878 – WordPress SimpleLightbox Stored Cross-Site Scripting Vulnerability

Investors beware: AI-powered financial scams swamp social media

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

CVE-2025-6526 – “70mai M300 HTTP Server Local Network Credential Exposure”

Stop waiting for an emergency to upgrade your home’s tech – there’s a better way

CVE-2025-47686 – DELUCKS SEO Cross-site Scripting

cgmnlm – colorful Gemini line mode client

CVE-2025-51534 – Austrian Archaeological Institute (AI) OpenAtlas Cross-Site Scripting (XSS)

Red Hat announces Advanced Developer Suite

CVE-2025-20234 – ClamAV UDF Denial of Service

CVE-2025-7413 – Code-projects Library System Unrestricted File Upload Vulnerability

CVE-2024-5878 – WordPress SimpleLightbox Stored Cross-Site Scripting Vulnerability

Related Posts