CVE-2025-5092 is a Stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting the LightGallery WP plugin for WordPress, specifically versions up to and including 2.8.3. The vulnerability arises from improper neutralization of input during web page generation in the plugin's bundled lightGallery library. Authenticated users with Contributor-level access or higher can exploit this flaw by injecting malicious JavaScript code into user-supplied attributes that are insufficiently sanitized and improperly escaped before rendering on web pages. When other users access these compromised pages, the injected scripts execute in their browsers, potentially leading to session hijacking, privilege escalation, defacement, or distribution of malware. The attack vector is remote over the network, with low complexity, and does not require user interaction beyond viewing the infected page. The vulnerability affects all versions of the plugin up to 2.8.3, and no patches or updates are currently linked, indicating a need for vendor response. Although no known exploits are reported in the wild, the vulnerability's presence in a widely used WordPress plugin poses a significant risk. The CVSS v3.1 base score is 6.4, reflecting medium severity with partial impact on confidentiality and integrity but no impact on availability. The scope is changed, meaning the vulnerability can affect components beyond the initially vulnerable plugin. The vulnerability is particularly concerning for multi-user WordPress environments where contributors can add content, as it expands the attack surface beyond administrators. The lack of user interaction requirement increases the risk of automated exploitation once a patch is available or exploit code is developed.

For European organizations, this vulnerability poses a moderate risk primarily to websites and web applications running WordPress with the LightGallery WP plugin installed. The ability for authenticated contributors to inject persistent malicious scripts can lead to unauthorized access to user sessions, theft of sensitive information, and potential defacement or reputational damage. Organizations relying on collaborative content management with multiple contributors are especially vulnerable, as contributor accounts can be leveraged to inject malicious payloads. The impact extends to confidentiality and integrity of data but does not directly affect availability. Given the widespread use of WordPress across Europe, including government, educational, and commercial sectors, exploitation could facilitate broader attacks such as phishing campaigns or lateral movement within networks. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as exploit code could emerge. The vulnerability also increases compliance risks under GDPR if personal data is compromised through session hijacking or data theft. Overall, the threat could disrupt business operations, erode user trust, and incur regulatory penalties if not addressed promptly.

European organizations should take immediate steps to mitigate this vulnerability beyond generic patching advice. First, monitor official LightGallery WP plugin channels for security updates or patches and apply them promptly once available. Until patches are released, restrict Contributor-level access to trusted users only and review existing contributor accounts for suspicious activity. Implement Web Application Firewalls (WAFs) with custom rules to detect and block common XSS payloads targeting the plugin's input vectors. Employ Content Security Policy (CSP) headers to limit script execution sources and reduce the impact of injected scripts. Conduct thorough input validation and output encoding on all user-supplied data within custom themes or plugins that interact with LightGallery WP. Regularly audit WordPress installations for outdated plugins and enforce strict user role management policies. Additionally, educate content contributors about the risks of injecting untrusted content and monitor logs for unusual page modifications. Finally, consider isolating critical WordPress instances or using containerization to limit the scope of potential compromise.