๐Ÿ” CVE Alert

CVE-2026-1430

MEDIUM 4.8

WP Lightbox 2 < 3.0.7 - Admin+ Stored XSS

CVSS Score 4.8
EPSS Score 0.0%
EPSS Percentile 8th

The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

Vendor unknown
Product wp lightbox 2
Published Mar 26, 2026
Last Updated Mar 26, 2026

Affected Versions

Unknown / WP Lightbox 2
0 < 3.0.7

References

NVD, CVE.org, EPSS Data
wpscan.com: https://wpscan.com/vulnerability/e0536061-140d-47eb-9e8b-9785b52c62f7/

Credits

Krugov Artyom WPScan