Does hiWeb Lightbox have any unpatched vulnerabilities?

No. All known vulnerabilities in hiWeb Lightbox have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is hiWeb Lightbox compatible with WordPress 4.6.30?

According to WordPress.org data, hiWeb Lightbox 1.0.0.1 has been tested up to WordPress 4.6.30. Check the plugin's changelog for the latest compatibility information.

How often is hiWeb Lightbox updated?

hiWeb Lightbox was last updated on Nov 11, 2016. Frequent updates are generally a positive security signal.

What is hiWeb Lightbox's security score?

hiWeb Lightbox has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

hiWeb Lightbox Security & Risk Analysis

wordpress.org/plugins/hiweb-lightbox

An easy way to install on your website lightbox for images and galleries. Without setting.

20 active installs v1.0.0.1 PHP + WP 4.0+ Updated Nov 11, 2016

fancyboxgalleryimageimageslightbox

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is hiWeb Lightbox Safe to Use in 2026?

Generally Safe

Score 85/100

hiWeb Lightbox has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "hiweb-lightbox" v1.0.0.1 plugin exhibits a strong security posture based on the provided static analysis. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface. Furthermore, the fact that all SQL queries utilize prepared statements is an excellent security practice. The vulnerability history also shows no recorded CVEs, which is a positive indicator of the plugin's security over time.

However, the static analysis does reveal a concern regarding output escaping, with only 40% of outputs being properly escaped. This leaves a potential for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is ever incorporated into the unescaped output. The lack of nonce checks and capability checks on the identified entry points (though currently zero) is also a potential weakness that could become a risk if new functionalities are added without proper security considerations. The file operations, while not inherently dangerous, could be a vector for other vulnerabilities if not handled with care.

In conclusion, "hiweb-lightbox" v1.0.0.1 appears to be a relatively secure plugin due to its minimal attack surface and good SQL practices. The main areas for improvement are ensuring all outputs are properly escaped and implementing appropriate authorization checks (nonces and capabilities) for any future additions to the plugin's functionality to maintain a robust security profile.

Key Concerns

Insufficient output escaping
No nonce checks
No capability checks

Vulnerabilities

None known

hiWeb Lightbox Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

hiWeb Lightbox Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

40% escaped5 total outputs

Attack Surface

hiWeb Lightbox Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 14

actionwp_footerinclude\hooks.php:4

filterwp_get_attachment_linkinclude\hooks.php:6

filterthe_contentinclude\hooks.php:7

actionshutdowninclude\modules\console.php:18

actionwp_enqueue_scriptsinclude\modules\css.php:14

actionadmin_enqueue_scriptsinclude\modules\css.php:15

actionlogin_enqueue_scriptsinclude\modules\css.php:16

actionwp_footerinclude\modules\css.php:17

actionadmin_footerinclude\modules\css.php:18

actionwp_enqueue_scriptsinclude\modules\js.php:14

actionadmin_enqueue_scriptsinclude\modules\js.php:15

actionlogin_enqueue_scriptsinclude\modules\js.php:16

actionwp_footerinclude\modules\js.php:17

actionadmin_footerinclude\modules\js.php:18

Maintenance & Trust

hiWeb Lightbox Maintenance & Trust

Maintenance Signals

WordPress version tested4.6.30

Last updatedNov 11, 2016

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

hiWeb Lightbox Alternatives

PhotoSwipe

photo-swipe

A very light implementation of PhotoSwipe javascript plugin for WordPress

1K No CVEs

Annytab PhotoSwipe

annytab-photoswipe

A plugin that implements PhotoSwipe to display an image gallery in a lightbox.

0 No CVEs

Lightbox & Modal Popup WordPress Plugin – FooBox

foobox-image-lightbox

A responsive image lightbox for WordPress galleries, WordPress attachments & FooGallery

100K 5 CVEs

Responsive Lightbox & Gallery

responsive-lightbox

The most popular lightbox plugin and responsive gallery builder for WordPress.

100K 13 CVEs

FancyBox for WordPress

fancybox-for-wordpress

Seamlessly integrates FancyBox lightbox into your WordPress blog: Upload, activate, and you're done. Additional configuration optional.

40K 3 CVEs

Developer Profile

hiWeb Lightbox Developer Profile

Den Media

9 plugins · 100 total installs

trust score

Avg Security Score

83/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect hiWeb Lightbox

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/hiweb-lightbox/js/hw_lightbox.js/wp-content/plugins/hiweb-lightbox/assets/photoswipe/photoswipe.min.js/wp-content/plugins/hiweb-lightbox/assets/photoswipe/photoswipe-ui-default.min.js/wp-content/plugins/hiweb-lightbox/assets/photoswipe/photoswipe.css/wp-content/plugins/hiweb-lightbox/assets/photoswipe/default-skin/default-skin.css

Script Paths

HTML / DOM Fingerprints

Data Attributes

data-full-widthdata-full-height

JS Globals

hiweb_lightbox

FAQ