CVE-2025-3597

5.9 MEDIUM

📋 TL;DR

The Firelight Lightbox WordPress plugin before version 2.3.15 allows users with post writing capabilities to execute arbitrary JavaScript when the jQuery Metadata library is enabled. The jQuery Metadata option is a Pro-only feature, but the free version of the plugin can still activate it, so sites running the free version are affected as well. The result is a stored cross-site scripting (XSS) condition.

💻 Affected Systems

Products:
  • Firelight Lightbox WordPress Plugin
Versions: All versions before 2.3.15
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the jQuery Metadata library to be enabled and a user with post writing capabilities. The free version of the plugin can activate this Pro-only feature.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Authenticated attackers with post writing privileges could inject malicious JavaScript that executes in visitors' browsers, leading to session hijacking, credential theft, or website defacement.

🟠 Likely Case

Malicious content editors could inject JavaScript into posts/pages that executes for all visitors, potentially stealing cookies or redirecting users.

🟢 If Mitigated

With proper user access controls and content sanitization, the set of accounts able to inject content is limited to trusted, authorized users only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated user with post writing capabilities. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.15

Vendor Advisory: https://wpscan.com/vulnerability/8bf5e107-6397-4946-aaee-bf61d3e2dffd/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the Firelight Lightbox plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 2.3.15 or later from the WordPress plugin repository and replace the plugin files.

🔧 Temporary Workarounds

Disable jQuery Metadata Library

Applies to: all

Prevent exploitation by disabling the jQuery Metadata library feature in the plugin settings.

Restrict User Capabilities

Applies to: all

Limit post writing capabilities to trusted users only and apply the principle of least privilege.

🧯 If You Can't Patch

  • Disable the Firelight Lightbox plugin entirely until patched
  • Implement strict Content Security Policy (CSP) headers to limit which scripts visitors' browsers will execute

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel, go to Plugins > Firelight Lightbox and read the version. If the version is below 2.3.15, the site is vulnerable.

Check Version:

wp plugin list --name=firelight-lightbox --field=version

Verify Fix Applied:

Confirm that the plugin version shown in the WordPress admin panel (or by the wp-cli command above) is 2.3.15 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected script tags or inline event handlers appearing in post content
  • Multiple post edits by a single user in a short timeframe

Network Indicators:

  • Suspicious JavaScript payloads in HTTP POST requests to wp-admin/post.php

SIEM Query:

source="wordpress.log" AND "post.php" AND "action=edit" AND ("<script>" OR "javascript:")

🔗 References
