CVE-2025-12359

Name of the Vulnerable Software and Affected Versions Responsive Lightbox & Gallery versions prior to 2.5.4

Description The Responsive Lightbox & Gallery plugin for WordPress is susceptible to Server-Side Request Forgery (SSRF). This occurs because of inadequate validation of user-provided URLs when determining image dimensions for gallery items, specifically within the get image size by url function. This allows authenticated attackers with Author-level access or higher to initiate web requests to arbitrary locations from the web application. This could potentially allow querying and modification of information from internal services.

Recommendations Update Responsive Lightbox & Gallery to version 2.5.4 or later.