CVE-2022-0161

CVE-2022-0161: ARI Fancy Lightbox < 1.3.9 - Reflected Cross-Site Scripting

Vendor Unknown

Product ARI Fancy Lightbox – WordPress Popup

Weakness CWE-79 · XSS

Published March 14, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

March 14, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0161 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2021-3994 Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk CVE-2021-38677 Reflected XSS Vulnerability in QcalAgent CVE-2025-30924 WordPress Primer MyData for Woocommerce plugin < 4.2.4 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2019-25216 Rich Reviews <= 1.7.4 - Stored Cross-Site Scripting CVE-2025-48107 WordPress Uncode theme < 2.9.4.4 - Reflected Cross Site Scripting (XSS) vulnerability