CVE Alert

CVE-2025-15386

HIGH 8.8

Responsive Lightbox & Gallery < 2.6.1 - Unauthenticated Stored XSS

CVSS Score: 8.8
EPSS Score: 0.0%
EPSS Percentile: 0th

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an unauthenticated stored XSS attack due to flawed regex replacement rules. These rules can be abused by posting a comment containing a malicious link when the lightbox for comments is enabled and the comment is then approved.

Vendor: unknown
Product: responsive lightbox & gallery
Published: Feb 24, 2026
Last Updated: Feb 24, 2026

Affected Versions

Unknown / Responsive Lightbox & Gallery
1.7.0 < 2.6.1

References

NVD, CVE.org, EPSS Data
wpscan.com: https://wpscan.com/vulnerability/fa3a84b6-6d5d-4e10-8587-ae49c127483b/

Credits

Matthew Rollings WPScan