WordPress · Lightbox Plus Colorbox · CVE-2016-10865
**Name of the Vulnerable Software and Affected Versions**
Lightbox Plus Colorbox plugin versions prior to 2.8
**Description**
The issue is a cross-site request forgery (CSRF) flaw that can result in XSS through the width value. It is reachable via the "wp-admin/admin.php?page=lightboxplus" admin endpoint.
**Recommendations**
For versions prior to 2.8, update to version 2.8 or later to resolve the issue.
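
For plugin authors reviewing similar settings pages, the two controls that break the CSRF-to-XSS chain described above are a nonce check on the save request and validation plus output escaping of the width value. The code below is an added example, not the plugin's code or its 2.8 patch; the `lbp_demo_*` function, field, option and nonce names are hypothetical, and it assumes the width is stored as an option and later written into a page.

```php
<?php
// Added illustration; not code from Lightbox Plus Colorbox.
// Hypothetical names: lbp_demo_* functions, the 'lbp_demo_save' nonce action,
// and the 'lbp_demo_width' form field and option.

// Call inside the settings <form>: emits a per-user, per-action token that a
// forged cross-site POST cannot supply.
function lbp_demo_render_nonce() {
    wp_nonce_field( 'lbp_demo_save', 'lbp_demo_nonce' );
}

// Accept only the shapes a width needs: "600", "600px" or "80%".
function lbp_demo_sanitize_width( $raw ) {
    $raw = trim( (string) $raw );
    if ( preg_match( '/^\d{1,4}(px|%)?$/D', $raw ) ) {
        return $raw;
    }
    return ''; // anything carrying markup or script is dropped
}

function lbp_demo_save_settings() {
    // Only act on submissions of this settings form.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] || ! isset( $_POST['lbp_demo_width'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // Stops the request if the nonce is missing or invalid, so a request
    // triggered from another site never reaches update_option().
    check_admin_referer( 'lbp_demo_save', 'lbp_demo_nonce' );

    $width = lbp_demo_sanitize_width( wp_unslash( $_POST['lbp_demo_width'] ) );
    update_option( 'lbp_demo_width', $width );
}
add_action( 'admin_init', 'lbp_demo_save_settings' );

// Escape again at output, so a value stored before the fix is still inert.
function lbp_demo_width_attr() {
    return esc_attr( get_option( 'lbp_demo_width', '' ) );
}
```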