The Lightbox plugin for WordPress is vulnerable to a type of security issue called Stored Cross-Site Scripting. This security issue affects versions of the plugin up to and including version 1.6.7. It allows unauthenticated attackers to add malicious web scripts to certain pages, which can then run automatically whenever a user accesses them. Unfortunately, this is possible because the plugin does not properly check the content of the page and does not protect it from malicious scripts.