CVE-2024-5878 – WordPress SimpleLightbox Stored Cross-Site Scripting Vulnerability

May 20, 2025

CVE ID : CVE-2024-5878

Published : May 20, 2025, 8:15 a.m. | 20 minutes ago

Description : Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin’s bundled SimpleLightbox JavaScript library (version 2.1.5) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2929 – “WordPress Order Delivery Date Reflected Cross-Site Scripting”

Next Article Rilasciato Niri 25.05: Il Compositore Wayland si Rinnova con la Panoramica degli Spazi di Lavoro

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Hideo Kojima’s “OD” is still in development with Xbox, at least for today

Microsoft is replacing salespeople with “solutions engineers” amid recent layoffs — promoting Copilot AI while ChatGPT dominates the enterprise sector

Microsoft’s extra year of Windows 10 security updates isn’t a “viable solution” for the 400 million PCs that can’t upgrade to Windows 11 — “It’s obvious users are frustrated and feel yanked around.”

OpenAI almost shipped ChatGPT with a different name — before a late-night twist

The dog days of JavaScript summer

The dog days of JavaScript summer

Databricks Lakebase – Database Branching in Action

Flutter + GitHub Copilot = Your New Superpower

Hideo Kojima’s “OD” is still in development with Xbox, at least for today

Hideo Kojima’s “OD” is still in development with Xbox, at least for today

Microsoft is replacing salespeople with “solutions engineers” amid recent layoffs — promoting Copilot AI while ChatGPT dominates the enterprise sector

Microsoft’s extra year of Windows 10 security updates isn’t a “viable solution” for the 400 million PCs that can’t upgrade to Windows 11 — “It’s obvious users are frustrated and feel yanked around.”

CVE-2024-5878 – WordPress SimpleLightbox Stored Cross-Site Scripting Vulnerability

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

CVE-2025-47665 – Bistromatic N360 Splash Screen Stored Cross-site Scripting Vulnerability

CVE-2025-6522 – Sight Bulb Pro Root Shell Command Injection Vulnerability

Are you paying more for cable and internet? It’s bad all over

Linux Kernel Flaw (CVE-2023-0386) Actively Exploited for Root Privilege Escalation, PoC Available

A Microsoft engineer made a Linux distro that’s like a comfort blanket to ex-Windows users — I finally tried it, and I’m surprised how good it is

CodeSOD: Classic WTF: When it’s OK to GOTO

I upgraded my Pixel 9 Pro to Android 16 – here’s what I love (and what’s still missing)

Keyless Entry Vulnerability (CVE-2025-6029) Threatens KIA Vehicles in Ecuador, Researcher Reports

CVE-2024-5878 – WordPress SimpleLightbox Stored Cross-Site Scripting Vulnerability

Related Posts