CVE-2025-5092 is a stored Cross-Site Scripting (XSS) vulnerability categorized under CWE-79, found in the LightGallery WP plugin for WordPress. This plugin bundles the lightGallery JavaScript library (versions up to 2.8.3), which improperly neutralizes user input during web page generation. Specifically, insufficient input sanitization and output escaping on user-supplied attributes allow authenticated users with Contributor-level permissions or higher to inject arbitrary JavaScript code into pages. When other users access these pages, the injected scripts execute in their browsers, potentially leading to session hijacking, privilege escalation, or unauthorized actions within the WordPress environment. The vulnerability affects all versions of LightGallery WP using the vulnerable library. The attack vector is remote over the network, requiring low attack complexity and only limited privileges (Contributor or above). No user interaction is needed for the payload to execute once injected, and the scope is changed as the vulnerability affects other users viewing the injected content. The CVSS v3.1 base score is 6.4, reflecting a medium severity level due to the impact on confidentiality and integrity but no impact on availability. No public exploits have been reported yet, but the vulnerability's presence in widely used WordPress plugins makes it a significant risk. The lack of official patches at the time of publication necessitates immediate attention from administrators to mitigate risk.

For European organizations, this vulnerability poses a significant risk to websites running WordPress with the LightGallery WP plugin or other plugins/themes bundling the vulnerable lightGallery library. Successful exploitation can lead to unauthorized disclosure of sensitive information (e.g., session cookies, personal data), unauthorized actions performed on behalf of users, and potential defacement or redirection attacks. This can damage organizational reputation, lead to regulatory non-compliance (e.g., GDPR breaches due to data leakage), and disrupt business operations relying on web presence. Since the vulnerability requires only Contributor-level access, attackers can leverage compromised or weak user accounts to escalate their impact. The medium severity rating indicates a moderate but tangible threat, especially for organizations with public-facing WordPress sites used for customer engagement, e-commerce, or internal portals. The cross-site scripting nature also increases the risk of phishing and malware distribution campaigns targeting European users.

European organizations should immediately audit their WordPress installations to identify the presence of the LightGallery WP plugin or any plugins/themes bundling the vulnerable lightGallery library (<= 2.8.3). Until official patches are released, organizations should restrict Contributor-level permissions to trusted users only and consider temporarily disabling or removing the affected plugins. Implementing a Web Application Firewall (WAF) with rules to detect and block XSS payloads targeting LightGallery WP can provide interim protection. Additionally, applying Content Security Policy (CSP) headers can mitigate the impact of injected scripts by restricting script execution sources. Regularly monitoring logs for suspicious activity related to user input and reviewing user accounts for unauthorized privilege escalation is critical. Organizations should stay updated on vendor advisories for patches and apply them promptly once available. Finally, educating users about the risks of XSS and enforcing strong authentication controls reduces the likelihood of exploitation.