Responsive Lightbox & Gallery WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Responsive Lightbox & Gallery WordPress plugin, affecting versions prior to 2.5.3. The issue arises because the plugin does not properly manage modifications to HTML tag attributes. This flaw could allow unauthenticated attackers to exploit the functionality by injecting event handlers, leading to the execution of malicious scripts that are stored and executed later.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the comments.

Reproduction

To reproduce this vulnerability, install and activate the Responsive Lightbox & Gallery plugin. Then, navigate to the plugin's settings and enable the option for 'Lightbox for comments content'. After that, as an unauthenticated user, create a comment that includes a link with specific HTML attributes designed to inject a script, such as an 'onfocus' attribute. Once the comment is approved and viewed, the injected script will execute, demonstrating the cross-site scripting vulnerability.

Remediation

Users are advised to update the Responsive Lightbox & Gallery WordPress plugin to version 2.5.3 or later.