Joli CLEAR Lightbox Security & Risk Analysis

wordpress.org/plugins/joli-clear-lightbox

Ultralight Lightbox for WordPress. Designed for Speed. No jQuery. Responsive with gestures. Simple, Elegant, yet highly Customizable.

0 active installs · v1.0.3 · PHP 5.6+ · WP 4.0+ · Updated Mar 22, 2022
Tags: fancybox, gallery, image, lightbox, photo
Score: 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Joli CLEAR Lightbox Safe to Use in 2026?

Generally Safe

Score 85/100

Joli CLEAR Lightbox has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The "joli-clear-lightbox" v1.0.3 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and has a clean vulnerability history with no recorded CVEs. The absence of dangerous functions and a low number of file operations are also strengths. However, a significant concern is the presence of one AJAX handler that lacks authentication checks, creating a potential entry point for unauthorized actions. Furthermore, the taint analysis reveals four flows with unsanitized paths, indicating a risk of improper handling of user-supplied data, though these did not escalate to critical or high severity vulnerabilities in the static analysis. The plugin also has a high percentage of improperly escaped output, which could lead to cross-site scripting (XSS) vulnerabilities if the tainted data is rendered without proper sanitization. While the vulnerability history is clean, the static analysis findings point to areas that require immediate attention to bolster the plugin's overall security.

Key Concerns

  • Unprotected AJAX handler
  • Flows with unsanitized paths
  • Low percentage of properly escaped output
  • Bundled Freemius v1.0 library
Vulnerabilities
None known

Joli CLEAR Lightbox Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Joli CLEAR Lightbox Release Timeline

v1.0.3 (Current)
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Joli CLEAR Lightbox Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (5 prepared)
Unescaped Output: 565 (388 escaped)
Nonce Checks: 2
Capability Checks: 6
File Operations: 2
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

100% prepared · 5 total queries

Output Escaping

41% escaped · 953 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

5 flows · 4 with unsanitized paths
install_plugin_information (includes/fs/includes/fs-plugin-info-dialog.php:928)
Attack Surface
1 unprotected

Joli CLEAR Lightbox Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth wp_ajax_joli_clb_handle_notice core/Hooks.php:53

WordPress Hooks: 33

action admin_notices core/Controllers/NoticesFreeController.php:41
action admin_notices core/Controllers/NoticesFreeController.php:47
action init core/Hooks.php:52
action admin_enqueue_scripts core/Hooks.php:57
action admin_menu core/Hooks.php:58
action admin_init core/Hooks.php:59
filter the_content core/Hooks.php:69
filter connect_message_on_update fs-helpers.php:23
action after_uninstall fs-helpers.php:36
filter plugin_icon fs-helpers.php:51
action admin_footer includes/fs/includes/class-fs-logger.php:107
action wp_footer includes/fs/includes/class-fs-logger.php:109
filter plugins_api includes/fs/includes/class-fs-plugin-updater.php:83
action admin_head includes/fs/includes/class-fs-plugin-updater.php:106
filter http_request_host_is_external includes/fs/includes/class-fs-plugin-updater.php:110
filter upgrader_post_install includes/fs/includes/class-fs-plugin-updater.php:118
filter upgrader_pre_install includes/fs/includes/class-fs-plugin-updater.php:121
filter upgrader_source_selection includes/fs/includes/class-fs-plugin-updater.php:122
filter wp_prepare_themes_for_js includes/fs/includes/class-fs-plugin-updater.php:125
action admin_footer includes/fs/includes/class-fs-plugin-updater.php:142
filter pre_set_site_transient_update_plugins includes/fs/includes/class-fs-plugin-updater.php:249
filter pre_set_site_transient_update_themes includes/fs/includes/class-fs-plugin-updater.php:254
filter upgrader_source_selection includes/fs/includes/class-fs-plugin-updater.php:1342
filter debug_bar_panels includes/fs/includes/debug/debug-bar-start.php:51
filter debug_bar_statuses includes/fs/includes/debug/debug-bar-start.php:52
action install_plugins_pre_plugin-information includes/fs/includes/fs-plugin-info-dialog.php:66
filter fs_plugins_api includes/fs/includes/fs-plugin-info-dialog.php:69
action admin_footer includes/fs/includes/managers/class-fs-admin-notice-manager.php:208
action network_admin_notices includes/fs/includes/managers/class-fs-admin-notice-manager.php:362
action admin_notices includes/fs/includes/managers/class-fs-admin-notice-manager.php:363
action admin_enqueue_scripts includes/fs/includes/managers/class-fs-admin-notice-manager.php:366
action http_api_curl includes/fs/includes/sdk/FreemiusWordPress.php:445
action admin_footer includes/fs/templates/account.php:83
Maintenance & Trust

Joli CLEAR Lightbox Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.9.13
Last updated: Mar 22, 2022
PHP min version: 5.6
Downloads: 1K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 0
Developer Profile

Joli CLEAR Lightbox Developer Profile

WPJoli

5 plugins · 8K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 194 days
Detection Fingerprints

How We Detect Joli CLEAR Lightbox

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/joli-clear-lightbox/assets/admin/css/joli-clb-admin.css
/wp-content/plugins/joli-clear-lightbox/assets/admin/js/joli-clb-admin.js
/wp-content/plugins/joli-clear-lightbox/assets/admin/js/joli-clb-admin-notices.js
/wp-content/plugins/joli-clear-lightbox/assets/public/css/wpjoli-clear-lightbox.css
/wp-content/plugins/joli-clear-lightbox/assets/public/js/wpjoli-clear-lightbox.js
Script Paths
assets/admin/js/joli-clb-admin.js
assets/admin/js/joli-clb-admin-notices.js
assets/public/js/wpjoli-clear-lightbox.js
Version Parameters
joli-clear-lightbox/assets/admin/css/joli-clb-admin.css?ver=
joli-clear-lightbox/assets/admin/js/joli-clb-admin.js?ver=
joli-clear-lightbox/assets/admin/js/joli-clb-admin-notices.js?ver=
joli-clear-lightbox/assets/public/css/wpjoli-clear-lightbox.css?ver=
joli-clear-lightbox/assets/public/js/wpjoli-clear-lightbox.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpjoli-clear-lightbox
Data Attributes
data-wpjoli-lightbox-options
JS Globals
jclbAdmin, jclbAdminNotice, JCLB