Responsive Lightbox & Gallery < 2.5.3 - Unauthenticated Stored-XSS via...

6.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Description

The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does not properly handle HTML tag attributes modifications, potentially allowing unauthenticated attackers to abuse the functionality to include event handlers and conduct Stored XSS attacks.

Basic Information

ID CVE-2025-9710

Source WPScan

Published Oct 6, 2025 at 06:00

Modified Oct 6, 2025 at 18:50

Affected Product

Vendor Unknown

Product Responsive Lightbox & Gallery

Affected Versions Unknown Responsive Lightbox & Gallery 0

CWE Classification

References

wpscan.com /vulnerability/a45c74b7-b174-479f-9681-464601b082df/

{
    "lastseen": "",
    "description": "The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does not properly handle HTML tag attributes modifications, potentially allowing unauthenticated attackers to abuse the functionality to include event handlers and conduct Stored XSS attacks.",
    "published": "2025-10-06T06:00:06.607Z",
    "modified": "2025-10-06T18:50:04.946Z",
    "type": "cve",
    "title": "Responsive Lightbox & Gallery < 2.5.3 - Unauthenticated Stored-XSS via Comments",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/a45c74b7-b174-479f-9681-464601b082df/",
    "id": "CVE-2025-9710",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown Responsive Lightbox & Gallery 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Responsive Lightbox & Gallery",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Responsive Lightbox & Gallery < 2.5.3 - Unauthenticated Stored-XSS via Comments_CVE-2025-9710