Dfactory Responsive Lightbox — known CVE vulnerabilities
Every CVE whose affected-product data names Dfactory Responsive Lightbox, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2025-3742 — CVSS 6.8 (medium): The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does not validate and escape some of its attributes before outputting them…
CVE-2024-6870 — CVSS 6.4 (medium): The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to…
CVE-2017-2243 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML…
CVE-2023-49174 — CVSS 5.9 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox &…
CVE-2025-5093 — CVSS 5.4 (medium): The Responsive Lightbox & Gallery WordPress plugin before 2.5.2 use the Swipebox library which does not validate and escape title…
CVE-2024-43924 — CVSS 5.3 (medium): Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.This…