One of the changelog entires for the latest version of the WordPress plugin WP jQuery Lightbox (WP Lightbox) is “Minor security fix (issue only affected authenticated users).” Checking in to that, we found that referenced an authenticated persistent cross-site scripting (XSS) vulnerability where someone with the ability to edit posts could cause JavaScript code to run when clicking on a lightbox entry with a lightbox.

…

[Read more]