
CVE-2025-5093: CWE-79 Cross-Site Scripting (XSS) in Responsive Lightbox & Gallery

Severity: Medium
Tags: Vulnerability, CVE-2025-5093, CVE, CWE-79
Published: Fri Jun 27 2025 (06/27/2025, 06:00:08 UTC)
Source: CVE Database V5
Product: Responsive Lightbox & Gallery

Description

The Responsive Lightbox & Gallery WordPress plugin before 2.5.2 uses the Swipebox library, which does not validate and escape title attributes before outputting them back in a page/post where used, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

AI-Powered Analysis

AI last updated: 06/27/2025, 06:35:23 UTC

Technical Analysis

CVE-2025-5093 is a Stored Cross-Site Scripting (XSS) vulnerability in the Responsive Lightbox & Gallery WordPress plugin, versions prior to 2.5.2. The plugin bundles the Swipebox library, which does not validate or escape title attributes before rendering them on pages or posts. A user with contributor-level permissions or higher can therefore store a title that carries script, and that script executes whenever another user views the affected content. Contributors can add or edit posts but hold no administrative privileges, so the flaw raises the risk that a low-privilege account embeds JavaScript that runs in other users' browsers, potentially leading to session hijacking, privilege escalation, or unauthorized actions within the WordPress site. The vulnerability is classified under CWE-79, improper neutralization of input during web page generation. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The issue was publicly disclosed on June 27, 2025, and affects all versions before 2.5.2 of the plugin. The record carries no patch links; the remediation is to upgrade to version 2.5.2 or later once available. Because exploitation requires authenticated access at the contributor level, the attack surface is somewhat limited, but the risk remains significant in environments where contributor accounts are common or insufficiently monitored.

Potential Impact

For European organizations using WordPress sites with the Responsive Lightbox & Gallery plugin, this vulnerability could lead to significant security risks. Stored XSS can compromise the confidentiality and integrity of user sessions, enabling attackers to steal cookies, perform actions on behalf of legitimate users, or inject further malicious payloads such as ransomware or phishing content. This is particularly critical for organizations that rely on WordPress for public-facing websites, intranets, or content management systems where contributors are allowed to publish content. The exploitation could result in reputational damage, data breaches, and regulatory non-compliance under GDPR if personal data is exposed or manipulated. Additionally, the vulnerability could be leveraged as a foothold for lateral movement within an organization’s network if administrative users are targeted. The requirement for contributor-level access means that insider threats or compromised contributor accounts pose a direct risk. Given the widespread use of WordPress across Europe, the vulnerability could affect a broad range of sectors including media, education, government, and commerce.

Mitigation Recommendations

European organizations should immediately audit their WordPress installations to identify the presence and version of the Responsive Lightbox & Gallery plugin. Until an official patch (version 2.5.2 or later) is applied, organizations should restrict contributor-level permissions to trusted users only and consider temporarily disabling the plugin if feasible. Implementing Web Application Firewall (WAF) rules to detect and block suspicious script injections targeting the title attributes can provide interim protection. Additionally, organizations should enforce strict input validation and output encoding policies on user-generated content, and monitor logs for unusual activities related to contributor accounts. Regular security training for content contributors to recognize phishing and social engineering attempts can reduce the risk of account compromise. Finally, organizations should subscribe to vulnerability disclosure feeds and promptly apply updates once patches are released to ensure long-term protection.
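The mechanism in the technical analysis (a title attribute that is harmless as stored HTML but becomes live markup once a lightbox copies it into the DOM) and the output-encoding recommendation above can both be shown in a few lines. This is an added illustration, not code from Swipebox or the plugin; the rendering functions and the contributor-supplied sample title are assumptions constructed for the demonstration.

```javascript
// Added example (not Swipebox's or the plugin's code): why an entity-encoded title
// attribute turns into executable markup when a lightbox inserts it via innerHTML,
// and how escaping at the output boundary prevents it.

// Minimal HTML escaper suitable for text nodes and attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Models what a browser returns for element.getAttribute('title'): entity
// references stored in the attribute are decoded back to literal characters.
function decodeAttribute(stored) {
  return stored.replace(/&(amp|lt|gt|quot|#39);/g, (m, e) =>
    ({ amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" })[e]);
}

// Assumed vulnerable pattern, modelled on the advisory text: the decoded title is
// concatenated into markup that is later assigned to innerHTML, so any tags in it
// are parsed as elements rather than shown as text.
function renderCaptionUnsafe(title) {
  return '<div class="caption">' + title + '</div>';
}

// Hardened pattern: escape at output time; the title renders as plain text.
function renderCaptionSafe(title) {
  return '<div class="caption">' + escapeHtml(title) + '</div>';
}

// Review check: does the caption contain any element besides its own wrapper?
// Returns true when the title smuggled in markup of its own.
function containsInjectedTag(html) {
  const inner = html.replace(/^<div class="caption">/, '').replace(/<\/div>$/, '');
  return /<[a-zA-Z]/.test(inner);
}

// Constructed sample of a stored contributor title. WordPress content filtering
// keeps it as an entity-encoded attribute string, which is safe in the page source,
// but the lightbox reads it decoded and re-injects it.
const storedTitle = 'Cat &lt;img src=x onerror=alert(1)&gt;';
const liveTitle = decodeAttribute(storedTitle);

console.log('unsafe injects markup:', containsInjectedTag(renderCaptionUnsafe(liveTitle)));
console.log('safe injects markup:  ', containsInjectedTag(renderCaptionSafe(liveTitle)));
```

The same check applies to a WAF or log-review rule: a stored title is only as safe as the last component that renders it, so encoding must happen at output, not only at storage.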


Technical Details

Data Version: 5.1
Assigner Short Name: WPScan
Date Reserved: 2025-05-22T17:49:29.423Z
CVSS Version: null
State: PUBLISHED

Threat ID: 685e380cca1063fb8753f698

Added to database: 6/27/2025, 6:19:56 AM

Last enriched: 6/27/2025, 6:35:23 AM

Last updated: 8/19/2025, 12:34:46 PM
