CVE-2025-5092 is a stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, found in the LightGallery WP plugin for WordPress. The vulnerability arises from insufficient input sanitization and output escaping in the plugin's bundled lightGallery library (versions up to 2.8.3). This flaw allows authenticated users with Contributor-level permissions or higher to inject arbitrary JavaScript code into web pages managed by the plugin. Because the malicious scripts are stored persistently, they execute whenever any user accesses the affected page, potentially compromising user sessions, stealing cookies, or performing unauthorized actions on behalf of users. The vulnerability does not require user interaction beyond visiting the injected page, and the attack surface includes all WordPress sites using the vulnerable plugin versions. The CVSS 3.1 base score is 6.4, reflecting a medium severity with network attack vector, low attack complexity, and privileges required. The scope is changed, indicating that the vulnerability affects resources beyond the initially vulnerable component. No patches or known exploits are currently reported, but the presence of this vulnerability in a widely used plugin presents a significant risk if left unaddressed.

The impact of CVE-2025-5092 on organizations worldwide can be substantial, particularly for websites relying on the LightGallery WP plugin for media display. Successful exploitation enables attackers with contributor-level access to inject persistent malicious scripts, which can lead to session hijacking, credential theft, unauthorized actions, defacement, or distribution of malware. This undermines the confidentiality and integrity of user data and website content. Although availability is not directly impacted, the reputational damage and potential regulatory consequences from data breaches can be severe. Organizations with multiple content contributors or public-facing WordPress sites are especially vulnerable. The medium severity score reflects that exploitation requires some level of authentication, limiting exposure to external unauthenticated attackers but still posing a significant insider or compromised account risk. If exploited at scale, this vulnerability could facilitate widespread web-based attacks, impacting user trust and business operations.

To mitigate CVE-2025-5092, organizations should first update the LightGallery WP plugin to a version that addresses the vulnerability once available. Until a patch is released, administrators should restrict Contributor-level access strictly to trusted users and review user permissions to minimize risk. Implementing a Web Application Firewall (WAF) with rules to detect and block common XSS payloads targeting the plugin can provide temporary protection. Additionally, site owners should enable Content Security Policy (CSP) headers to restrict script execution sources, reducing the impact of injected scripts. Regularly audit and sanitize all user-generated content, especially attributes handled by the lightGallery library. Monitoring logs for unusual script injection attempts and educating contributors about secure content practices will further reduce risk. Finally, consider disabling or replacing the LightGallery WP plugin if immediate patching is not feasible.