Medium 6.1
2026-05-01< 2.7.34
CVE-2024-13362
Lightbox & Modal Popup WordPress Plugin – FooBox
Minimum safe version
2.7.35
Update to 2.7.35 or later to address 16 fixable vulnerabilities
Latest available2.7.41 ✓
Medium 6.4
2025-07-08< 2.7.35
Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.34 - Authenticated (Author+) Stored Cross-Site Scripting
Medium 5.9
2025-04-10< 2.7.34
CVE-2025-32139
Medium 6.3
2024-10-16< 2.7.17
Freemius SDK <= 2.4.2 - Missing Authorization Checks
Medium 5.4
2024-08-08< 2.7.32
CVE-2024-5668
Medium 4.8
2024-06-18< 2.7.28
CVE-2024-3276
N/A
2023-07-18< 2.7.27
WordPress FooBox Image Lightbox Plugin < 2.7.27 is vulnerable to Cross Site Scripting (XSS)
N/A
< 1.0.5
FooBox Image Lightbox <= 1.0.4 - Cross-Site Scripting (XSS)
N/A
2019-02-25< 2.6.4
Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update
N/A
2022-03-04< 2.7.17
Freemius SDK <= 2.4.2 - Missing Authorization Checks
N/A
< 2.6.4
Freemius Library < 2.2.4 - Subscriber+ Arbitrary Option Update
N/A
< 2.7.17
Unauthorised AJAX Calls via Freemius
N/A
2015-04-16< 1.0.5
WordPress FooBox Image Lightbox Plugin <= 1.0.4 - Cross Site Scripting
N/A
2019-03-02< 2.6.4
WordPress FooBox Image Lightbox plugin <= 2.6.3 - Authenticated Option Update vulnerability (Fremius Library security issue)
N/A
2022-02-28< 2.7.17
WordPress FooBox Image Lightbox plugin < 2.7.17 - Sensitive Information Disclosure vulnerability
N/A
2022-02-28< 2.7.17
WordPress FooBox Image Lightbox plugin < 2.7.17 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability