CVE-2025-15386

Name of the Vulnerable Software and Affected Versions Responsive Lightbox & Gallery WordPress plugin versions prior to 2.6.1

Description The software contains a flaw in its regex replacement rules that allows for an Unauthenticated Stored-XSS attack. This occurs when a malicious link is posted as a comment, and then approved with lightbox for comments enabled. The issue allows an attacker to inject malicious code that will be executed when other users view the comment.

Recommendations Update to version 2.6.1 or later.