N/A
2026-04-07< 2.3.5
LightPress Lightbox <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group' Shortcode Attribute
LightPress Lightbox
Minimum safe version
2.3.5
Update to 2.3.5 or later to address 3 fixable vulnerabilities
Latest available2.3.5 ✓
Medium 6.8
2025-05-12< 2.3.4
WordPress WP jQuery Lightbox Plugin < 2.3.4 is vulnerable to Cross Site Scripting (XSS)
Medium 5.4
2024-06-07< 1.5.5
CVE-2024-5425