Documentation: Home / Vulnerabilities / Input validation vulnerability in Responsive Lightbox & Gallery 2.4.8

Latest

Input validation vulnerability in Responsive Lightbox & Gallery 2.4.8

CVE-2024-5020

Severity: medium-risk
Status: Fixed
Publication: December 3, 2024

Several plugins used on WordPress websites are at risk of a type of hacking called Stored Cross-Site Scripting. This happens because the plugins use a JavaScript library called FancyBox that is not properly protected against malicious code. As a result, attackers who have contributor-level access or higher can add their own harmful code to a webpage and trick users into running it when they visit that page.

Detected in:

Accordion Slider fixed vulnerable versions: >= * <= 1.9.12

Carousel, Slider, Gallery by WP Carousel – Image Carousel with Lightbox & Photo Gallery, Video Slider, Post Carousel & Post Grid, Product Carousel & Product Grid fixed vulnerable versions:

Colibri Page Builder fixed vulnerable versions: >= * <= 1.0.286

Easy Social Feed Premium fixed vulnerable versions:

Easy Social Feed Pro fixed vulnerable versions:

FancyBox for WordPress fixed vulnerable versions: >= * <= 3.3.4

Firelight Lightbox fixed vulnerable versions:

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder fixed vulnerable versions: >= * <= 1.15.27

FV Flowplayer Video Player fixed vulnerable versions: >= * <= 7.5.47.7212

Gallery Plugin for WordPress – Envira Photo Gallery fixed vulnerable versions: >= * <= 1.8.15

Getwid – Gutenberg Blocks fixed vulnerable versions: >= * <= 2.0.11

Nexter Blocks – WordPress Gutenberg Blocks & 1000+ Starter Templates fixed vulnerable versions:

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery fixed vulnerable versions:

Responsive Lightbox & Gallery fixed vulnerable versions: >= * <= 2.4.8

Visual Portfolio, Photo Gallery & Post Grid fixed vulnerable versions: >= * <= 3.3.9

WPC Smart Quick View for WooCommerce fixed vulnerable versions: >= * <= 4.1.1

Open source

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

Incorrect?

Is this information incorrect? Please leave us a message.

Latest

Configuring Really Simple Security with WP-CLI

How to Fix The “Link you followed has Expired” error on WordPress

404 not found errors

Protecting site visitors with Security Headers

Hardening your website’s security

Input validation vulnerability in Responsive Lightbox & Gallery 2.4.8

Detected in:

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Plugins

Get Started

About

Popular articles

Latest

Passkeys: no need for Limit Login Attempts?

Configuring Really Simple Security with WP-CLI

How to Fix The “Link you followed has Expired” error on WordPress

404 not found errors

Protecting site visitors with Security Headers

Hardening your website’s security

Input validation vulnerability in Responsive Lightbox & Gallery 2.4.8

Detected in:

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Plugins

Get Started

About

Popular articles