Lightbox Slider – Responsive Lightbox Gallery
Approved changes feed: RSS · Atom
cpe:2.3:a:weblizar:lightbox_slider_–_responsive_lightbox_gallery:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Weblizar (728a5648-dc27-5b44-841d-3675ae66fe14) |
|---|---|
| Product | Lightbox Slider – Responsive Lightbox Gallery (06185669-058c-5d16-84cd-0ea2f36ad174) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-49280 |
vulnerable | 2026-06-08 06:50:13.353374 |
WordPress Lightbox slider -- Responsive Lightbox Gallery plugin <= 1.10.6 - Cross Site Scripting (XSS) vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weblizar - WordPress Themes & Plugin Lightbox slider – Responsive Lightbox Gallery simple-lightbox-gallery allows Stored XSS.This issue affects Lightbox slider – Responsive Lightbox Gallery: from n/a through <= 1.10.6.
Published: 2024-10-17T19:16:52.517Z
Updated: 2026-04-28T16:10:24.552Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1858 |
vulnerable | 2026-06-08 06:27:14.729396 |
Lightbox slider – Responsive Lightbox Gallery <= 1.9.9 - Authenticated (Contributor+) PHP Object Injection
MEDIUM (5.4)
The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through post meta data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Published: 2024-03-29T06:43:59.098Z
Updated: 2026-04-08T16:53:14.108Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.