CVE-2025-3597 – Firelight Lightbox WordPress Plugin Cross-Site Scripting Vulnerability

May 12, 2025

CVE ID : CVE-2025-3597

Published : May 12, 2025, 6:15 a.m. | 2 hours, 17 minutes ago

Description : The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary Javascript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free version too, making it theoretically exploitable there as well.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4559 – Netvision ISOinsight SQL Injection

Next Article CVE-2025-4558 – WormHole Tech GPM Unauthenticated Password Change Vulnerability

Highlights

CVE-2025-7027 – ASUS Firmware SMM Privilege Escalation Vulnerability

July 11, 2025

CVE ID : CVE-2025-7027

Published : July 11, 2025, 4:15 p.m. | 4 hours, 50 minutes ago

Description : A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control both the read and write addresses used by the CommandRcx1 function. The write target is derived from an unvalidated UEFI NVRAM variable (SetupXtuBufferAddress), while the write content is read from an attacker-controlled pointer based on the RBX register. This dual-pointer dereference enables arbitrary memory writes within System Management RAM (SMRAM), leading to potential SMM privilege escalation and firmware compromise.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Across the 4th Dimension

Cursor vs GitHub Copilot (2025): Which AI Platform Wins for Your Node.js Dev Team?

NuGet adds support for Trusted Publishing

AWS launches IDE extension for building browser automation agents

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

IDC ServiceScape for Microsoft Power Apps Low-Code/No-Code Custom Application Development Services

A Stream-Oriented UI library for interactive web applications

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2025-3597 – Firelight Lightbox WordPress Plugin Cross-Site Scripting Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

YONO SBI Banking App Vulnerability Let Attackers Execute a Man-in-the-Middle Attack

CVE-2025-49113: Roundcube RCE Exploit Unveiled—The Swiss Army Knife of Webmail Just Got a Weaponized Blade

CVE-2025-4650 – Apache Web Meta Service SQL Injection Vulnerability

Build an AI-powered automated summarization system with Amazon Bedrock and Amazon Transcribe using Terraform

CVE-2025-7027 – ASUS Firmware SMM Privilege Escalation Vulnerability

ChatGPT can now talk nerdy to you – plus more personalities and other upgrades beyond GPT-5

CVE-2025-32959 – CUBA Platform Denial of Service File Upload Vulnerability

Distribution Release: Red Hat Enterprise Linux 10.0

CVE-2025-3597 – Firelight Lightbox WordPress Plugin Cross-Site Scripting Vulnerability

Related Posts