CVE-2025-5035
📋 TL;DR
The Firelight Lightbox WordPress plugin before version 2.3.16 has a stored cross-site scripting (XSS) vulnerability in title attributes. This allows users with contributor-level permissions or higher to inject malicious scripts that execute when other users view affected pages. WordPress sites using vulnerable plugin versions are affected.
💻 Affected Systems
- Firelight Lightbox WordPress Plugin
📦 What is this software?
Firelight Lightbox by Firelightwp
⚠️ Risk & Real-World Impact
Worst Case
An attacker with contributor access could inject malicious JavaScript that steals administrator credentials, redirects users to malicious sites, or performs actions on behalf of authenticated users, potentially leading to full site compromise.
Likely Case
Contributor-level users could deface pages, display malicious content to visitors, or steal session cookies from other users viewing affected pages.
If Mitigated
With proper user role management and content review processes, the impact is limited to potential page defacement or minor content manipulation.
🎯 Exploit Status
Exploitation requires contributor-level access or higher. The plugin writes user-supplied title attribute values into page output without escaping them, so markup placed in a title is rendered as HTML rather than as text.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.3.16
Vendor Advisory: https://wpscan.com/vulnerability/5dca30af-4624-4a71-93be-00fa8dc00c97/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Firelight Lightbox plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 2.3.16+ from the WordPress repository and replace the plugin files.
🔧 Temporary Workarounds
Remove Contributor Access
Temporarily remove the contributor role from untrusted users until the patch is applied.
Disable Plugin
Deactivate the Firelight Lightbox plugin if it is not essential for site functionality.
🧯 If You Can't Patch
- Implement strict user role management and review all content from contributor-level users before publishing.
- Add Content Security Policy (CSP) headers to mitigate XSS impact.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for the Firelight Lightbox version. If the version is below 2.3.16, the site is vulnerable.
Check Version:
wp plugin list --name=firelight-lightbox --field=version
Verify Fix Applied:
Confirm Firelight Lightbox plugin version is 2.3.16 or higher in WordPress admin panel.
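The following script is an added example for the verification steps above; it is not part of the advisory or of the plugin. It wraps the wp-cli command given above in a version comparison against the fixed release, so the result can be used from a cron job or a fleet check instead of being read off by hand. The plugin slug and the fixed version are the ones stated on this page; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether an installed
# Firelight Lightbox version is still below the fixed release.
# Assumes wp-cli is installed and the script runs from the WordPress root.

FIXED_VERSION="2.3.16"          # fixed release named in the advisory
PLUGIN_SLUG="firelight-lightbox"

# version_lt A B: exit 0 if dotted version A is strictly lower than B.
# Compares up to four numeric components; a missing component counts as 0
# and any non-numeric suffix (e.g. "-beta") is ignored.
version_lt() {
    a="$1"; b="$2"
    i=1
    while [ "$i" -le 4 ]; do
        # Trailing dots guarantee cut always sees a delimiter.
        x=$(printf '%s...' "$a" | cut -d. -f"$i"); x=${x%%[!0-9]*}
        y=$(printf '%s...' "$b" | cut -d. -f"$i"); y=${y%%[!0-9]*}
        [ -n "$x" ] || x=0
        [ -n "$y" ] || y=0
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# is_vulnerable VERSION: exit 0 when VERSION is older than the fixed release.
is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_site: read the installed version with wp-cli and print a verdict.
# Exit codes: 0 patched, 1 vulnerable, 2 plugin not installed.
check_site() {
    installed=$(wp plugin list --name="$PLUGIN_SLUG" --field=version 2>/dev/null)
    if [ -z "$installed" ]; then
        echo "$PLUGIN_SLUG: not installed"
        return 2
    fi
    if is_vulnerable "$installed"; then
        echo "$PLUGIN_SLUG $installed: VULNERABLE (update to $FIXED_VERSION or later)"
        return 1
    fi
    echo "$PLUGIN_SLUG $installed: patched"
    return 0
}

# The live check only runs when invoked as "./check-firelight.sh check", so the
# functions can be sourced and exercised on hosts without wp-cli.
if [ "${1:-}" = "check" ]; then
    check_site
fi
```

Run it as `sh check-firelight.sh check` from the site root; a non-zero exit status means action is needed, which makes it easy to chain into monitoring.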
📡 Detection & Monitoring
Log Indicators:
- Unusual content modifications by contributor-level users
- Multiple failed login attempts followed by successful contributor login
Network Indicators:
- Unexpected JavaScript in title attributes of lightbox elements
- External script loading from lightbox content
SIEM Query:
source="wordpress" AND ((event="plugin_update" AND plugin="firelight-lightbox" AND version<"2.3.16") OR (event="content_edit" AND user_role="contributor" AND content_contains="<script>"))
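As an added example for the detection section (not from the advisory), the script below turns the two indicator groups into runnable checks: the first mirrors the content-edit branch of the SIEM query above over audit-log lines, extended to catch inline event handlers and javascript: URIs in addition to a literal script tag; the second scans rendered HTML for title attributes that still carry raw markup, which is the symptom of unescaped output described under Network Indicators. The key="value" log format, the sample lines and the sample HTML are all constructed for this example; adjust the field names to whatever audit-log plugin the site uses.

```shell
#!/bin/sh
# Added example (not from the advisory): two detections for the indicators above.
# Log format and all sample data below are constructed for illustration.

# Constructed audit-log sample: key="value" pairs, one event per line.
SAMPLE_LOG='ts=2025-06-01T10:00:00Z event="content_edit" user="alice" user_role="editor" content="<a title=&quot;Sunset&quot; href=/x>Sunset</a>"
ts=2025-06-01T10:02:00Z event="content_edit" user="bob" user_role="contributor" content="[lightbox title=\"<script>alert(1)</script>\"]"
ts=2025-06-01T10:03:00Z event="content_edit" user="bob" user_role="contributor" content="Plain paragraph, nothing odd"
ts=2025-06-01T10:04:00Z event="content_edit" user="carol" user_role="contributor" content="<img title=\"x\" onerror=alert(1)>"
ts=2025-06-01T10:05:00Z event="login_success" user="bob" user_role="contributor"'

# Constructed rendered-page sample: one escaped title, one unescaped, one plain.
SAMPLE_HTML='<a class="lightbox" title="&lt;script&gt;alert(1)&lt;/script&gt;" href="/a.jpg">ok</a>
<a class="lightbox" title="<script>alert(1)</script>" href="/b.jpg">bad</a>
<a class="lightbox" title="Holiday photo" href="/c.jpg">ok</a>'

# flag_contributor_scripts: read log lines on stdin, print "ts user reason" for
# every contributor content edit whose content carries script markup.
# Unlike content_contains="<script>" alone, it also catches on*= handlers
# and javascript: URIs.
flag_contributor_scripts() {
    awk '
    /event="content_edit"/ && /user_role="contributor"/ {
        lc = tolower($0)
        reason = ""
        if (lc ~ /<script/)              reason = "script-tag"
        else if (lc ~ /[ "<]on[a-z]+=/)  reason = "event-handler"
        else if (lc ~ /javascript:/)     reason = "javascript-uri"
        if (reason != "") print $1, $3, reason
    }'
}

# scan_titles: read HTML on stdin and print every title="..." attribute whose
# value still contains raw markup or a javascript: URI. Properly escaped
# output (&lt;script&gt;) is not flagged. Values that break out of the
# attribute with a quote are outside this check; pair it with the log rule.
scan_titles() {
    grep -oi 'title="[^"]*"' | grep -iE '<|javascript:' || true
}

# Stand-alone run over the constructed samples.
echo "== contributor edits with script markup =="
printf '%s\n' "$SAMPLE_LOG" | flag_contributor_scripts
echo "== title attributes carrying raw markup =="
printf '%s\n' "$SAMPLE_HTML" | scan_titles
```

In practice the first function is fed from the site's audit log (or a log shipper's tail) and the second from a periodic `curl` of the pages that render lightbox galleries; either producing output on a site that has not been updated past 2.3.16 is worth an incident ticket.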