WP-Safety

All In One Lightbox – Display Images, Audio, and Video in Popups Security & Risk Analysis

wordpress.org/plugins/lightbox-block

Lightbox Block lets you display images, audio, video, and custom content in responsive lightbox galleries or media popups.

3K active installs v1.1.39 PHP 7.1+ WP 6.5+ Updated Feb 26, 2026
blockgutenberg-blocklightboxpopupslider
99
A · Safe
CVEs total1
Unpatched0
Last CVEJul 16, 2025
Download
Safety Verdict

Is All In One Lightbox – Display Images, Audio, and Video in Popups Safe to Use in 2026?

Generally Safe

Score 99/100

All In One Lightbox – Display Images, Audio, and Video in Popups has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jul 16, 2025Updated 1mo ago
Risk Assessment

The "lightbox-block" plugin v1.1.39 exhibits a generally strong security posture based on the static analysis. The code demonstrates good practices by utilizing prepared statements for all SQL queries and ensuring a very high percentage of output is properly escaped, minimizing the risk of cross-site scripting vulnerabilities originating from standard output. The presence of nonce and capability checks on several entry points further enhances its security. However, the plugin does make an external HTTP request, which is a potential point of concern if the target endpoint is not secure or if the request is made without proper validation of the response. The vulnerability history indicates a past medium-severity cross-site scripting vulnerability, and while it is currently patched, this pattern suggests a need for continued vigilance. The presence of the Freemius SDK, while common for monetization, can also introduce additional dependencies and potential attack vectors if not managed securely.

Key Concerns

  • Past medium severity XSS vulnerability
  • External HTTP request made
  • Bundled Freemius SDK
Vulnerabilities
1

All In One Lightbox – Display Images, Audio, and Video in Popups Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-54051medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

LightBox Block <= 1.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 16, 2025 Patched in 1.1.31 (7d)
Code Analysis
Analyzed Mar 16, 2026

All In One Lightbox – Display Images, Audio, and Video in Popups Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
40 escaped
Nonce Checks
4
Capability Checks
5
File Operations
0
External Requests
1
Bundled Libraries
1

Bundled Libraries

Freemius

Output Escaping

98% escaped41 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
fs_init (freemius-lite\inc\Base\FSActivate.php:68)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

All In One Lightbox – Display Images, Audio, and Video in Popups Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 2

authwp_ajax_fs_initfreemius-lite\inc\Base\FSActivate.php:42
authwp_ajax_bpllb_get_image_idindex.php:87

Shortcodes 1

[lbb-lightbox-block] inc\custom-shortcode.php:9
WordPress Hooks 20
actionadmin_headfreemius-lite\inc\Base\FSActivate.php:29
actionadmin_enqueue_scriptsfreemius-lite\inc\Base\FSActivate.php:30
actionadmin_menufreemius-lite\inc\Base\FSActivate.php:33
actionadmin_footerfreemius-lite\inc\Base\FSActivate.php:38
actionadmin_footerfreemius-lite\inc\Base\FSActivate.php:39
actionadmin_noticesfreemius-lite\inc\Base\FSActivate.php:44
actioninitfreemius-lite\inc\Base\FS_Lite.php:29
actionadmin_enqueue_scriptsinc\AdminMenu-free.php:7
actionadmin_menuinc\AdminMenu-free.php:8
actionadmin_enqueue_scriptsinc\AdminMenu.php:7
actionadmin_menuinc\AdminMenu.php:8
actioninitinc\custom-shortcode.php:8
filtermanage_lbb_posts_columnsinc\custom-shortcode.php:10
actionmanage_lbb_posts_custom_columninc\custom-shortcode.php:11
actionuse_block_editor_for_postinc\custom-shortcode.php:12
actioninitindex.php:84
actionenqueue_block_editor_assetsindex.php:85
actionenqueue_block_assetsindex.php:86
actionwp_enqueue_scriptsindex.php:88
filterplugin_action_linksindex.php:89
Maintenance & Trust

All In One Lightbox – Display Images, Audio, and Video in Popups Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 26, 2026
PHP min version7.1
Downloads63K

Community Trust

Rating100/100
Number of ratings5
Active installs3K
Alternatives

All In One Lightbox – Display Images, Audio, and Video in Popups Alternatives

Video Popup Block by WPZOOM

Video Popup Block by WPZOOM

wpzoom-video-popup-block

A
100

Easily add a Gutenberg block to create customizable Play icon that open popups with YouTube, YouTube Shorts, TikTok, Vimeo, or MP4 videos

10K No CVEs
Carousel Block – Responsive Image and Content Carousel

Carousel Block – Responsive Image and Content Carousel

b-carousel-block

A
99

Create stunning carousels effortlessly with the Carousel Block. Showcase your images in an elegant carousel directly within the Gutenberg editor.

6K 1 CVE
bSlider – Create Responsive Image, Post, Product, and Video Sliders

bSlider – Create Responsive Image, Post, Product, and Video Sliders

b-slider

A
92

bSlider is a WordPress slider plugin that lets you create responsive image, post, product, and video carousels using the Gutenberg block & shortcode.

6K 7 CVEs
Light Modal Block

Light Modal Block

light-modal-block

A
100

Lightweight, customizable modal block for the WordPress block editor

2K No CVEs
Gutena Video Lightbox

Gutena Video Lightbox

gutena-lightbox

A
100

Gutena Video Lightbox is a WordPress Block that allows you to add a video in a popup window that goes over the website content.

1K No CVEs
Developer Profile

All In One Lightbox – Display Images, Audio, and Video in Popups Developer Profile

colorlibplugins

120 plugins · 738K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
140 days
View full developer profile
Detection Fingerprints

How We Detect All In One Lightbox – Display Images, Audio, and Video in Popups

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/lightbox-block/assets/css/carousel.css/wp-content/plugins/lightbox-block/assets/css/carousel-thum.css/wp-content/plugins/lightbox-block/assets/css/shortcode.css/wp-content/plugins/lightbox-block/assets/css/plyr.min.css/wp-content/plugins/lightbox-block/assets/js/carousel.js/wp-content/plugins/lightbox-block/assets/js/carousel-thum.js/wp-content/plugins/lightbox-block/assets/js/plyr.min.js/wp-content/plugins/lightbox-block/assets/js/shortcode.js+2 more
Script Paths
/wp-content/plugins/lightbox-block/assets/js/carousel.js/wp-content/plugins/lightbox-block/assets/js/carousel-thum.js/wp-content/plugins/lightbox-block/assets/js/plyr.min.js/wp-content/plugins/lightbox-block/assets/js/shortcode.js/wp-content/plugins/lightbox-block/build/custom-popup.js
Version Parameters
lightbox-block/assets/css/carousel.css?ver=lightbox-block/assets/css/carousel-thum.css?ver=lightbox-block/assets/css/shortcode.css?ver=lightbox-block/assets/css/plyr.min.css?ver=lightbox-block/assets/js/carousel.js?ver=lightbox-block/assets/js/carousel-thum.js?ver=lightbox-block/assets/js/plyr.min.js?ver=lightbox-block/assets/js/shortcode.js?ver=lightbox-block/build/custom-popup.js?ver=lightbox-block/build/custom-popup.css?ver=

HTML / DOM Fingerprints

CSS Classes
bpllb-lightboxbpllb-iconbpllb-icon-bpllb-close-buttonbpllb-img-wrapbpllb-img-bpllb-content-wrapbpllb-img-caption+8 more
Data Attributes
data-lbb-elementdata-lbb-typedata-lbb-groupdata-lbb-optionsdata-lbb-itemdata-lbb-autoplay+2 more
JS Globals
lbb_plugin_databpllbMediaUrlIdLBB_ASSETS_DIRLBB_DIR_URLLBB_PLUGIN_VERSION
REST Endpoints
/wp-json/bpllb/v1/options
Shortcode Output
[lbb_gallery[lbb_gallery_item
FAQ

Frequently Asked Questions about All In One Lightbox – Display Images, Audio, and Video in Popups