Responsive Lightbox & Gallery WordPress Plugin Unauthenticated Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in the Responsive Lightbox & Gallery WordPress plugin, affecting versions prior to 2.6.1. The issue arises from inadequate regex replacement rules, allowing unauthenticated users to post comments containing malicious links. When the lightbox feature for comments is enabled and the comments are approved, the injected JavaScript is executed.
Impact
An unauthenticated attacker can store a script in a comment, and that script then executes in the context of the user viewing the comments.
Reproduction
To reproduce this vulnerability, first enable the lightbox feature for comments in the plugin settings. Then, as an unauthenticated user, post a comment on any post or page that includes a malicious link crafted to exploit the vulnerability. After the comment is approved by an admin, the JavaScript payload will execute when the comment is viewed.
Remediation
Users are advised to update the Responsive Lightbox & Gallery WordPress plugin to version 2.6.1 or later.
