Vulnerability Database

309,136

Total vulnerabilities in the database

CVE-2025-3597

The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary Javascript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free version too, making it theoretically exploitable there as well.

Published: May 12, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-3597
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
firelightwp / firelight_lightbox	-	2.3.15

https://wpscan.com/vulnerability/8bf5e107-6397-4946-aaee-bf61d3e2dffd/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo