CVE-2025-5035

Name of the Vulnerable Software and Affected Versions: Firelight Lightbox WordPress plugin versions prior to 2.3.16

Description: The issue concerns the Firelight Lightbox WordPress plugin, which does not properly sanitise and escape title attributes before displaying them on the page. This could allow users with a role as low as contributors to perform stored Cross-Site Scripting attacks.

Recommendations: For versions prior to 2.3.16, update to version 2.3.16 or later to resolve the issue. As a temporary workaround, consider restricting the ability of low-role users, such as contributors, to input data that could be used in title attributes until the update is applied.