WordPress Plugin Vulnerabilities

Lightbox Plus < 2.8 - CSRF to XSS

Description

The lightbox-plus WordPress plugin was affected by a CSRF to XSS security vulnerability.

Affects Plugins

Plugin icon
lightbox-plus
Fixed in 2.8

References

CVE
CVE-2016-10865

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
6.1 (medium)

Miscellaneous

Verified
No
WPVDB ID
bde8f754-ec56-454c-8e23-4f5f65b336fc

Timeline

Publicly Published
2016-04-05 (about 10 years ago)
Added
2019-08-21 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-09-22
Title
Dashboard Notepad <= 1.42 - Cross-Site Request Forgery
Published
2024-03-12
Title
Easy Social Feed < 6.5.5 - Cross-Site Request Forgery
Published
2022-09-05
Title
Login Block IPs <= 1.0.0 - Arbitrary Setting Update via CSRF
Published
2025-05-19
Title
Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP < 6.2.5 - Cross-Site Request Forgery
Published
2023-07-04
Title
Header Footer Code Manager < 1.1.35 - Snippets Activation/Deactivation/Deletion via CSRF