8.8
WordPress Responsive Lightbox & Gallery Plugin Allows Malicious Comments
CVE-2025-15386
Summary
A stored cross-site scripting (XSS) issue in the Responsive Lightbox & Gallery plugin for WordPress allows unauthenticated attackers to inject malicious code through comments. The flaw is reachable when the plugin's lightbox for comments is enabled and a comment containing a malicious link is approved. If your website uses this plugin and allows comments, update to version 2.6.1 or later to fix this vulnerability.
Original title
The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment w...
Original description
The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments is enabled and the comment is then approved.
nvd CVSS3.1
8.8
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026