Add LightBox & Title Security & Risk Analysis
wordpress.org/plugins/add-lightbox-titleThis plugin for WordPress automatically add the rel="lightbox[ID-OF-THE-POST]" and recovers the image title.
Is Add LightBox & Title Safe to Use in 2026?
Generally Safe
Score 85/100Add LightBox & Title has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The static analysis of the "add-lightbox-title" v1.5 plugin reveals a remarkably clean codebase with no apparent vulnerabilities in terms of dangerous functions, raw SQL queries, unescaped output, file operations, external HTTP requests, or tainted data flows. The absence of entry points like AJAX handlers, REST API routes, shortcodes, and cron events significantly reduces the plugin's attack surface. Furthermore, the vulnerability history is clean, with no recorded CVEs, indicating a strong security track record.
However, the complete lack of nonce checks and capability checks, across all identified code signals, presents a significant concern. While the current version might not have exploitable entry points that necessitate these checks, the absence of these fundamental security mechanisms means that if any new entry points are introduced in future updates, or if an existing function is unexpectedly exposed, there would be no built-in protection against unauthorized access or manipulation. This oversight, coupled with the fact that 0% of AJAX handlers (if any were present) and 0% of REST API routes have authentication checks, points to a weakness in the plugin's overall security architecture. Despite the current clean state, this absence of basic security hygiene is a potential future risk.
In conclusion, "add-lightbox-title" v1.5 demonstrates excellent practices in secure coding for existing functionalities, with no immediate exploitable vulnerabilities identified. The plugin benefits from a minimal attack surface and a history free of security incidents. The primary weakness lies in the deliberate or accidental omission of essential security checks like nonces and capability checks, which leaves it vulnerable to potential future threats if the attack surface expands or existing functions are misused. A balanced perspective suggests that while the plugin is currently safe, future development must prioritize the implementation of these standard security measures to maintain its secure posture.
Key Concerns
- Missing nonce checks
- Missing capability checks
- No authentication on AJAX handlers (0 present)
- No permission callbacks on REST API routes (0 present)
Add LightBox & Title Security Vulnerabilities
Add LightBox & Title Code Analysis
Add LightBox & Title Attack Surface
WordPress Hooks 3
Maintenance & Trust
Add LightBox & Title Maintenance & Trust
Maintenance Signals
Community Trust
Add LightBox & Title Alternatives
Plugin Name: Always valid lightbox mod
always-valid-lightbox-mod
Always Valid Lightbox Mod is a Lightbox plugin which adapts to site's DOCTYPE and provides a valid HTML markup.
Lightbox & Modal Popup WordPress Plugin – FooBox
foobox-image-lightbox
A responsive image lightbox for WordPress galleries, WordPress attachments & FooGallery
Responsive Lightbox & Gallery
responsive-lightbox
The most popular lightbox plugin and responsive gallery builder for WordPress.
Quick Featured Images
quick-featured-images
The time-saving solution for managing tons of featured images within minutes: Set, replace and delete in bulk and set default images for future posts.
FancyBox for WordPress
fancybox-for-wordpress
Seamlessly integrates FancyBox lightbox into your WordPress blog: Upload, activate, and you're done. Additional configuration optional.
Add LightBox & Title Developer Profile
2 plugins · 310 total installs
How We Detect Add LightBox & Title
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
rel="lightbox