Login Sign Up

CVE-2025-12359

5.4 MEDIUM
SSRF

📋 TL;DR

The Responsive Lightbox & Gallery WordPress plugin has a Server-Side Request Forgery vulnerability that allows authenticated attackers with Author-level permissions to make arbitrary web requests from the server. This can be used to query or modify internal services accessible from the web server. All WordPress sites using this plugin up to version 2.5.3 are affected.

💻 Affected Systems

Products:
  • Responsive Lightbox & Gallery WordPress Plugin
Versions: All versions up to and including 2.5.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user with Author-level permissions or higher. WordPress multisite installations are also affected.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access sensitive internal services, exfiltrate data from internal networks, or perform attacks against internal systems using the web server as a proxy.

🟠

Likely Case

Information disclosure from internal services, scanning of internal networks, or limited data modification depending on internal service permissions.

🟢

If Mitigated

Limited impact if network segmentation restricts web server access to internal services and proper authentication controls are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires Author-level WordPress credentials. The vulnerability is in the get_image_size_by_url function which doesn't properly validate user-supplied URLs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.5.4

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3397940%40responsive-lightbox%2Ftrunk&old=3358021%40responsive-lightbox%2Ftrunk&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Responsive Lightbox & Gallery'. 4. Click 'Update Now' if update is available. 5. Alternatively, download version 2.5.4+ from WordPress plugin repository and manually update.

🔧 Temporary Workarounds

Disable Plugin

all

Temporarily disable the vulnerable plugin until patched

wp plugin deactivate responsive-lightbox

Restrict User Permissions

all

Limit Author-level permissions and review user accounts

🧯 If You Can't Patch

  • Implement network segmentation to restrict web server access to internal services
  • Add web application firewall rules to block SSRF attempts and monitor for suspicious outbound requests

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins for 'Responsive Lightbox & Gallery' version 2.5.3 or lower

Check Version:

wp plugin get responsive-lightbox --field=version

Verify Fix Applied:

Verify plugin version is 2.5.4 or higher in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from web server to internal IPs
  • Multiple failed image dimension requests to unusual domains

Network Indicators:

  • Web server making requests to internal services not typically accessed
  • HTTP requests to private IP ranges from web server

SIEM Query:

source="web_server_logs" AND (dest_ip IN (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) OR uri CONTAINS "get_image_size_by_url")

📊 Metadata

CVE ID: CVE-2025-12359
CVSS v3 Score: 5.4 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE: CWE-918
EPSS Score: 0.05% exploit probability (14.4th percentile)
Published: November 19, 2025
Last Updated: November 19, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-12359, you might also want to check these:

CVE-2023-3432 10.0

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in PlantUML versions prior to ...

Same vulnerability type (CWE-918)
CVE-2025-2828 10.0

This Server-Side Request Forgery (SSRF) vulnerability in langchain-community's RequestsToolkit allow...

Same vulnerability type (CWE-918)
CVE-2023-43654 10.0

TorchServe versions 0.1.0 to 0.8.1 have a critical vulnerability where the default configuration lac...

Same vulnerability type (CWE-918)