Overview
CVE-2025-5092 describes a medium-severity Stored Cross-Site Scripting (XSS) vulnerability impacting multiple WordPress plugins and themes that bundle the lightGallery library (versions 2.8.3 and below). This vulnerability stems from insufficient input sanitization and output escaping of user-supplied attributes, allowing authenticated attackers with Contributor-level access or higher to inject malicious JavaScript code into website pages. When a user visits a page containing the injected script, the code will execute, potentially leading to account compromise, data theft, or website defacement.
Technical Details
The vulnerability lies within the lightGallery library integrated into various WordPress plugins and themes. Specifically, insufficient sanitization of user-provided attributes used within the lightGallery implementation allows attackers to inject arbitrary HTML and JavaScript code. A Contributor-level user (or higher) could, for instance, craft a malicious post or page that includes lightGallery with a specially crafted attribute. This attribute would be saved to the WordPress database. When another user (including administrators) views this post or page, the injected script is executed in their browser within the context of the website.
CVSS Analysis
- CVSS Score: 6.4 (Medium)
Possible Impact
The Stored XSS vulnerability can have significant consequences:
- Account Compromise: An attacker could potentially steal administrator session cookies, leading to full website control.
- Data Theft: Sensitive information, such as user data or financial details, could be stolen.
- Website Defacement: The attacker can modify the website content or redirect users to malicious websites.
- Malware Distribution: The injected script could be used to distribute malware to website visitors.
Mitigation or Patch Steps
To mitigate this vulnerability, it is crucial to take the following steps:
- Update Plugins/Themes: Update all WordPress plugins and themes to the latest versions. Plugin developers have likely released patched versions that address this XSS vulnerability.
- Check Plugin Changelogs: Examine the changelogs of your installed plugins. Look for mentions of lightGallery library updates and security fixes related to input sanitization or XSS. The referenced changeset links in the References section may highlight relevant updates.
- Implement Web Application Firewall (WAF): Deploy a WAF to detect and block XSS attacks.
- Regular Security Audits: Conduct regular security audits of your WordPress website to identify and address potential vulnerabilities.
