PT-2025-20681 · WordPress · Firelight Lightbox

Pierre Rudloff · Published 2025-05-12 · Updated 2025-05-12 · CVE-2025-3597

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Firelight Lightbox plugin for WordPress, versions prior to 2.3.15.

Description: The issue allows users with post writing capabilities to execute arbitrary JavaScript when the jQuery Metadata library is enabled. This feature is intended for Pro version users, but it can also be activated in the free version, so the issue is exploitable there as well.

Recommendations: For Firelight Lightbox plugin for WordPress versions prior to 2.3.15, update to version 2.3.15 or later to resolve the issue. If the update cannot be applied immediately, disable the jQuery Metadata library as a temporary workaround. Restrict the set of users who hold post writing capabilities to minimize the risk of exploitation.
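The following WP-CLI script is an added example, not part of the advisory or of the plugin: it checks whether the installed Firelight Lightbox version is below the fixed version named above and lists the accounts that hold post writing roles, so an administrator can act on both recommendations. It assumes WP-CLI is available as `wp` and that the plugin's directory slug is `easy-fancybox` (an assumption, adjust it to your install).

```shell
#!/bin/sh
# Added example for PT-2025-20681 / CVE-2025-3597 (not the advisory's own code).
# Assumptions: WP-CLI is installed as `wp`; FIRELIGHT_SLUG is the plugin's
# directory slug on this site (assumed value, override via the environment).
FIXED_VERSION="2.3.15"
FIRELIGHT_SLUG="${FIRELIGHT_SLUG:-easy-fancybox}"

# version_lt A B: exit 0 when dotted version A is strictly lower than B.
# Compares field by field as integers, so 2.3.9 < 2.3.15 (a plain string
# compare would rank 2.3.9 above 2.3.15). Non-numeric suffixes are ignored.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        ai="${ai%%[!0-9]*}"; bi="${bi%%[!0-9]*}"
        ai="${ai:-0}"; bi="${bi:-0}"
        [ "$ai" -lt "$bi" ] && return 0
        [ "$ai" -gt "$bi" ] && return 1
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 1
}

# is_affected VERSION: exit 0 when VERSION is in the affected range (< 2.3.15).
is_affected() { version_lt "$1" "$FIXED_VERSION"; }

# check_firelight: query the installed version through WP-CLI and report.
check_firelight() {
    installed="$(wp plugin get "$FIRELIGHT_SLUG" --field=version 2>/dev/null)" || {
        echo "plugin '$FIRELIGHT_SLUG' not installed (check FIRELIGHT_SLUG)"; return 2; }
    if is_affected "$installed"; then
        echo "VULNERABLE: $FIRELIGHT_SLUG $installed < $FIXED_VERSION (CVE-2025-3597); run: wp plugin update $FIRELIGHT_SLUG"
        return 1
    fi
    echo "OK: $FIRELIGHT_SLUG $installed >= $FIXED_VERSION"
}

# list_post_writers: accounts in the default roles that can write posts,
# i.e. the population the advisory recommends restricting.
list_post_writers() {
    for role in contributor author editor administrator; do
        wp user list --role="$role" --field=user_login | sed "s/^/$role: /"
    done
}

if [ "${FIRELIGHT_CHECK:-0}" = "1" ]; then
    check_firelight; list_post_writers
fi
```

Run it with `FIRELIGHT_CHECK=1 sh check-firelight.sh` from the WordPress root (or add `--path`) to get both the version verdict and the role listing.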

Related Identifiers: CVE-2025-3597

Affected Products: Firelight Lightbox, jQuery Metadata