PT-2021-7539 · Unknown · Simply Gallery Blocks With Lightbox

Vishnupriya Ilango · Published 2021-08-30 · Updated 2021-09-03 · CVE-2021-24667

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Simply Gallery Blocks with Lightbox version 2.2.0 and below

Description

A stored cross-site scripting issue has been discovered in the Lightbox functionality of the Simply Gallery Blocks with Lightbox plugin. This issue exists due to insufficient validation of image parameters in metadata, allowing a user with low privileges to execute arbitrary script code within the context of the application. The vulnerability can be exploited by a remote attacker to perform cross-site scripting attacks.

Recommendations

For Simply Gallery Blocks with Lightbox version 2.2.0 and below, consider disabling the Lightbox functionality until a patch is available to prevent exploitation of the stored cross-site scripting vulnerability. Restrict access to the Lightbox module to minimize the risk of exploitation. Avoid using the vulnerable Lightbox functionality in the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2022-07415
CVE-2021-24667

Affected Products

Simply Gallery Blocks With Lightbox