CVE-2025-5537 – This stored XSS vulnerability in the FooBox Wor... (How to Fix)

Q: What is the severity of CVE-2025-5537?

CVE-2025-5537 has a CVSS score of 6.4 (MEDIUM). This stored XSS vulnerability in the FooBox WordPress plugin allows authenticated attackers with Author-level access or higher to inject malicious scripts into image alternative text fields. These scripts execute automatically when users view pages containing the compromised images. All WordPress sites using vulnerable FooBox plugin versions are affected.

📋 TL;DR

This stored XSS vulnerability in the FooBox WordPress plugin allows authenticated attackers with Author-level access or higher to inject malicious scripts into image alternative text fields. These scripts execute automatically when users view pages containing the compromised images. All WordPress sites using vulnerable FooBox plugin versions are affected.

💻 Affected Systems

Products:

FooBox Image Lightbox WordPress Plugin

Versions: All versions up to and including 2.7.34

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with FooBox plugin enabled. Attackers need Author-level access or higher.

📦 What is this software?

Foobox by Fooplugins

View all CVEs affecting Foobox →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal admin credentials, deface websites, redirect users to malicious sites, or install backdoors for persistent access.

🟠

Likely Case

Attackers with Author access inject malicious scripts to steal session cookies or redirect users to phishing pages.

🟢

If Mitigated

With proper user access controls and content security policies, impact is limited to potential defacement of specific pages.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is technically simple once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.35

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3322273%40foobox-image-lightbox&new=3322273%40foobox-image-lightbox&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find FooBox Image Lightbox. 4. Click 'Update Now' if available. 5. Alternatively, download version 2.7.35+ from WordPress repository and manually update.

🔧 Temporary Workarounds

Disable FooBox Plugin

all

Temporarily disable the vulnerable plugin until patching is possible.

wp plugin deactivate foobox-image-lightbox

Restrict User Roles

all

Limit Author-level access to trusted users only and implement principle of least privilege.

🧯 If You Can't Patch

Implement Content Security Policy (CSP) headers to restrict script execution
Regularly audit user accounts and remove unnecessary Author-level permissions

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins → FooBox Image Lightbox version number.

Check Version:

wp plugin get foobox-image-lightbox --field=version

Verify Fix Applied:

Confirm plugin version is 2.7.35 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

Unusual image alt text modifications by Author-level users
Multiple failed login attempts followed by successful Author-level login

Network Indicators:

Unexpected external script loads from WordPress pages with FooBox images

SIEM Query:

source="wordpress" (event="plugin_update" plugin_name="foobox-image-lightbox" version<"2.7.35") OR (event="user_activity" user_role="author" action="edit_post" resource_type="attachment")

📊 Metadata

CVE ID: CVE-2025-5537

CVSS v3 Score: 6.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE: CWE-79

EPSS Score: 0.02% exploit probability (6.1th percentile)

Published: July 8, 2025

Last Updated: July 10, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-5537, you might also want to check these: