CVE-2025-3745

The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks.

Published: Jun 30, 2025
Updated: Jul 2, 2025
CVE: CVE-2025-3745
Exploit:

No technical information available.

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
syedbalkhi / wp_lightbox_2	-	3.0.6.8

https://wpscan.com/vulnerability/1b50f686-c2e0-4963-95c8-b27137dcc059/

Vulnerability Database

289,782

CVE-2025-3745