CVE-2024-50460
📋 TL;DR
This stored cross-site scripting (XSS) vulnerability in the Firelight Lightbox WordPress plugin allows attackers to inject malicious scripts into web pages. When users view pages containing the injected content, the scripts execute in their browsers, potentially stealing credentials or performing unauthorized actions. All WordPress sites using Firelight Lightbox versions up to 2.3.3 are affected.
💻 Affected Systems
- Firelight Lightbox WordPress Plugin
📦 What is this software?
Firelight Lightbox by Firelightwp
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, take over WordPress sites, deface websites, or redirect visitors to malicious sites.
Likely Case
Attackers inject malicious JavaScript that steals user session cookies or credentials when users visit compromised pages.
If Mitigated
With proper input validation and output encoding, malicious scripts would be neutralized before reaching users' browsers.
🎯 Exploit Status
Exploitation requires the ability to inject malicious input into the plugin, which typically requires some level of access (like contributor or author role). The vulnerability is publicly documented with technical details available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.3.4 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/easy-fancybox/wordpress-firelight-lightbox-plugin-2-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Firelight Lightbox. 4. Click 'Update Now' if update is available. 5. If no update appears, manually download version 2.3.4+ from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Disable Firelight Lightbox Plugin
allTemporarily disable the vulnerable plugin until patched
wp plugin deactivate firelight-lightbox
Implement WAF Rules
allAdd web application firewall rules to block XSS payloads targeting this plugin
🧯 If You Can't Patch
- Remove the Firelight Lightbox plugin completely and use alternative lightbox solutions
- Implement strict content security policy (CSP) headers to mitigate script execution
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for Firelight Lightbox version. If version is 2.3.3 or lower, you are vulnerable.Check Version:
wp plugin get firelight-lightbox --field=versionVerify Fix Applied:
After updating, verify the plugin version shows 2.3.4 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to WordPress admin-ajax.php or admin-post.php containing script tags or JavaScript payloads
- Multiple failed login attempts followed by plugin modification requests
Network Indicators:
- HTTP requests containing malicious script payloads in parameters typically processed by the Firelight Lightbox plugin
SIEM Query:
source="wordpress.log" AND ("firelight" OR "lightbox") AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")