本页列出影响 dfactory responsive_lightbox 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2025-5093 | The Responsive Lightbox & Gallery WordPress plugin before 2.5.2 use the Swipebox library which does not validate and escape title attributes before outputting them back in a page/post where used, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | [email protected] | 5.4 | 0.14% | 2025-06-27 | 2025-07-01 |
| CVE-2025-3742 | The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | [email protected] | 6.8 | 0.34% | 2025-05-15 | 2025-06-04 |
| CVE-2024-43924 | Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Lightbox: from n/a through 2.4.7. | [email protected] | 5.3 | 0.27% | 2024-10-23 | 2024-11-06 |
| CVE-2024-6870 | The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping affecting the rl_upload_image AJAX endpoint. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the 3gp2 file. | [email protected] | 6.4 | 0.25% | 2024-08-22 | 2024-09-27 |
| CVE-2023-49174 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5. | [email protected] | 5.9 | 0.13% | 2023-12-15 | 2026-04-28 |
| CVE-2017-2243 | Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | [email protected] | 6.1 | 0.45% | 2017-07-07 | 2026-05-13 |