CVE-2025-5093

Name of the Vulnerable Software and Affected Versions: Responsive Lightbox & Gallery WordPress plugin versions prior to 2.5.2

Description: The issue concerns the use of the Swipebox library in the Responsive Lightbox & Gallery WordPress plugin, which fails to validate and escape title attributes before outputting them back in a page or post. This could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Recommendations: For versions prior to 2.5.2, update to version 2.5.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Swipebox library or limiting the contributor role and above to minimize the risk of exploitation. Avoid using the title attribute in the affected plugin until the issue is resolved.