CVE-2025-3597 – Firelight Lightbox WordPress Plugin Cross-Site Scripting Vulnerability

May 12, 2025

CVE ID : CVE-2025-3597

Published : May 12, 2025, 6:15 a.m. | 2 hours, 17 minutes ago

Description : The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary Javascript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free version too, making it theoretically exploitable there as well.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4559 – Netvision ISOinsight SQL Injection

Next Article CVE-2025-4558 – WormHole Tech GPM Unauthenticated Password Change Vulnerability

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-3597 – Firelight Lightbox WordPress Plugin Cross-Site Scripting Vulnerability

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

CVE-2025-5633 – Content Management System and News-Buzz SQL Injection Vulnerability

CVE-2025-27457 – RealVNC Unencrypted Communication Information Disclosure

CVE-2025-46760 – Apache HTTP Server Authentication Bypass

CVE-2025-47154 – Ladybird LibJS Use-After-Free Remote Code Execution Vulnerability

Fix Elden Ring Nightreign Crashing on Windows PC [Step-by-Step Guide]

Windows BitLocker Bypass Vulnerability Let Attackers Bypass Security Feature

How UX and Marketing Are Saying the Same Things, Differently

CVE-2025-20309 affects Cisco Unified CM

CVE-2025-3597 – Firelight Lightbox WordPress Plugin Cross-Site Scripting Vulnerability

Related Posts