Does Responsive Lightbox & Gallery have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Responsive Lightbox & Gallery compatible with WordPress 6.9.4?

According to WordPress.org data, Responsive Lightbox & Gallery 2.7.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Responsive Lightbox & Gallery compatible with PHP 7.0+?

Responsive Lightbox & Gallery requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Responsive Lightbox & Gallery updated?

Responsive Lightbox & Gallery was last updated on Mar 12, 2026. Frequent updates are generally a positive security signal.

What is Responsive Lightbox & Gallery's security score?

Responsive Lightbox & Gallery has a WP-Safety security score of 89/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Responsive Lightbox & Gallery Security & Risk Analysis

wordpress.org/plugins/responsive-lightbox

The most popular lightbox plugin and responsive gallery builder for WordPress.

100K active installs v2.7.6 PHP 7.0+ WP 6.0+ Updated Mar 12, 2026

galleriesgalleryimageimageslightbox

A · Safe

CVEs total13

Unpatched0

Last CVEFeb 24, 2026

Plugin page Download

Safety Verdict

Is Responsive Lightbox & Gallery Safe to Use in 2026?

Generally Safe

Score 89/100

Responsive Lightbox & Gallery has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

13 known CVEsLast CVE: Feb 24, 2026Updated 2mo ago

Risk Assessment

The responsive-lightbox plugin v2.7.6 exhibits a mixed security posture. While it demonstrates good practices in output escaping (93%) and a significant portion of its SQL queries are prepared (69%), there are notable areas of concern. The presence of 6 unprotected AJAX handlers presents a substantial attack surface, increasing the risk of unauthorized actions or privilege escalation. Furthermore, the taint analysis revealed 9 flows with unsanitized paths, though thankfully none reached a critical or high severity.

The plugin's vulnerability history is a significant red flag. With 13 known CVEs, including 2 high and 11 medium severity vulnerabilities, it indicates a pattern of introducing security flaws. The prevalence of SSRF, XSS, and missing authorization in past vulnerabilities aligns with the findings of unprotected AJAX handlers and unsanitized input paths. While there are currently no unpatched vulnerabilities, the historical pattern suggests a recurring need for vigilant security auditing and prompt patching by users.

In conclusion, responsive-lightbox v2.7.6 has strengths in output handling and SQL query preparation. However, the unprotected entry points, unsanitized input paths, and a concerning history of high and medium severity vulnerabilities warrant significant caution. The potential for exploitation via unprotected AJAX handlers, coupled with past trends in SSRF and XSS, necessitates careful consideration and monitoring.

Key Concerns

Unprotected AJAX handlers
Taint flows with unsanitized paths
High number of historical medium CVEs
High number of historical high CVEs
SQL queries not using prepared statements

Vulnerabilities

13 published

Responsive Lightbox & Gallery Security Vulnerabilities

CVEs by Year

1 CVE in 2016

2016

1 CVE in 2022

2022

1 CVE in 2023

2023

4 CVEs in 2024

2024

4 CVEs in 2025

2025

2 CVEs in 2026

2026

Patched Has unpatched

Severity Breakdown

High

Medium

13 total CVEs

CVE-2026-2479medium · 5Server-Side Request Forgery (SSRF)

Responsive Lightbox & Gallery <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload

Feb 24, 2026 Patched in 2.7.2 (1d)

CVE-2025-15386high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Responsive Lightbox & Gallery < 2.6.1 - Unauthenticated Stored Cross-Site Scripting

Feb 3, 2026 Patched in 2.6.1 (91d)

CVE-2025-12359medium · 5.4Server-Side Request Forgery (SSRF)

Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery

Nov 18, 2025 Patched in 2.5.4 (1d)

CVE-2025-9710high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Responsive Lightbox & Gallery <= 2.5.2 - Unauthenticated Stored Cross-Site Scripting

Sep 15, 2025 Patched in 2.5.3 (32d)

CVE-2025-5093medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Responsive Lightbox & Gallery <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 6, 2025 Patched in 2.5.2 (34d)

CVE-2025-3742medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Responsive Lightbox & Gallery <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 24, 2025 Patched in 2.5.1 (37d)

CVE-2024-49282medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Responsive Lightbox <= 2.4.8 - Authenticated (Author+) Stored Cross-Site Scripting

Oct 15, 2024 Patched in 2.4.9 (9d)

CVE-2024-43924medium · 5.3Missing Authorization

Responsive Lightbox <= 2.4.7 - Missing Authorization

Aug 26, 2024 Patched in 2.4.8 (18d)

CVE-2024-6870medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Responsive Lightbox & Gallery <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload

Aug 21, 2024 Patched in 2.4.8 (1d)

CVE-2024-31252medium · 4.3Missing Authorization

Responsive Lightbox <= 2.4.6 - Missing Authorization via Information Disclosure

Apr 5, 2024 Patched in 2.4.7 (7d)

CVE-2023-49174medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Responsive Lightbox <= 2.4.5 - Authenticated (Author+) Stored Cross-Site Scripting via name

Nov 29, 2023 Patched in 2.4.6 (55d)

WF-d99d7a26-3645-4ff5-8c48-17b6fa77a228-responsive-lightboxmedium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Responsive Lightbox & Gallery <= 2.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Nov 4, 2022 Patched in 2.4.2 (445d)

CVE-2017-2243medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Responsive Lightbox & Gallery <= 1.7.1 - Cross-Site Scripting

Dec 1, 2016 Patched in 1.7.2 (2609d)

Version History

Responsive Lightbox & Gallery Release Timeline

v2.7.6Current3 files changed

v2.7.53 files changed

v2.7.44 files changed

v2.7.310 files changed

v2.7.216 files changed

v2.7.11 CVE44 files changed

CVE-2026-2479

v2.7.01 CVE31 files changed

CVE-2026-2479

v2.6.11 CVE57 files changed

CVE-2026-2479

v2.6.02 CVEs61 files changed

CVE-2026-2479 CVE-2025-15386

v2.5.52 CVEs9 files changed

CVE-2026-2479 CVE-2025-15386

v2.5.42 CVEs21 files changed

CVE-2026-2479 CVE-2025-15386

v2.5.33 CVEs3 files changed

CVE-2026-2479 CVE-2025-12359 CVE-2025-15386

v2.5.24 CVEs10 files changed

CVE-2025-9710 CVE-2026-2479 CVE-2025-12359 +1 more

v2.5.15 CVEs11 files changed

CVE-2025-9710 CVE-2026-2479 CVE-2025-12359 +2 more

v2.5.06 CVEs14 files changed

CVE-2025-9710 CVE-2026-2479 CVE-2025-12359 +3 more

v2.4.96 CVEs5 files changed

CVE-2025-9710 CVE-2026-2479 CVE-2025-12359 +3 more

v2.4.87 CVEs17 files changed

CVE-2025-9710 CVE-2026-2479 CVE-2024-49282 +4 more

v2.4.79 CVEs4 files changed

CVE-2025-9710 CVE-2026-2479 CVE-2024-49282 +6 more

v2.4.610 CVEs16 files changed

CVE-2025-9710 CVE-2026-2479 CVE-2024-49282 +7 more

v2.4.511 CVEs

CVE-2025-9710 CVE-2026-2479 CVE-2023-49174 +8 more

Code Analysis

Analyzed Mar 16, 2026

Responsive Lightbox & Gallery Code Analysis

Dangerous Functions

Raw SQL Queries

11 prepared

Unescaped Output

576 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

69% prepared16 total queries

Output Escaping

93% escaped619 total outputs

Data Flows · Security

9 unsanitized

Data Flow Analysis

17 flows9 with unsanitized paths

post_upload_ui (includes\class-folders.php:493)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

Responsive Lightbox & Gallery Attack Surface

Entry Points22

Unprotected6

AJAX Handlers 21

authwp_ajax_save-attachment-compatincludes\class-folders.php:65

authwp_ajax_rl-folders-delete-termincludes\class-folders.php:66

authwp_ajax_rl-folders-rename-termincludes\class-folders.php:67

authwp_ajax_rl-folders-add-termincludes\class-folders.php:68

authwp_ajax_rl-folders-move-termincludes\class-folders.php:69

authwp_ajax_rl-folders-move-attachmentsincludes\class-folders.php:70

authwp_ajax_rl-folders-get-countersincludes\class-folders.php:71

authwp_ajax_rl-folders-select-termincludes\class-folders.php:72

authwp_ajax_rl-get-menu-contentincludes\class-galleries.php:78

authwp_ajax_rl-get-preview-contentincludes\class-galleries.php:79

authwp_ajax_rl-post-get-galleriesincludes\class-galleries.php:80

authwp_ajax_rl-post-gallery-previewincludes\class-galleries.php:81

authwp_ajax_rl-get-gallery-page-contentincludes\class-galleries.php:82

noprivwp_ajax_rl-get-gallery-page-contentincludes\class-galleries.php:83

authwp_ajax_rl_remote_library_queryincludes\class-remote-library.php:37

authwp_ajax_rl_upload_imageincludes\class-remote-library.php:38

authwp_ajax_rl-ignore-tourincludes\class-tour.php:23

authwp_ajax_rl-get-addons-feedincludes\settings\class-settings-addons.php:30

authwp_ajax_rl-folders-load-old-taxonomiesincludes\settings\class-settings-folders.php:35

authwp_ajax_rl_dismiss_noticeresponsive-lightbox.php:415

authwp_ajax_rl-deactivate-pluginresponsive-lightbox.php:416

Shortcodes 1

[rl_gallery] includes\class-galleries.php:222

WordPress Hooks 127

filterrl_settings_dataincludes\class-folders.php:50

actioninitincludes\class-folders.php:58

actionrestrict_manage_postsincludes\class-folders.php:59

actionwp_enqueue_mediaincludes\class-folders.php:60

actionadmin_enqueue_scriptsincludes\class-folders.php:61

actionpre-upload-uiincludes\class-folders.php:62

actionpost-upload-uiincludes\class-folders.php:63

actionadd_attachmentincludes\class-folders.php:64

filteradmin_body_classincludes\class-folders.php:75

filterparse_queryincludes\class-folders.php:76

filterajax_query_attachments_argsincludes\class-folders.php:77

filterattachment_fields_to_editincludes\class-folders.php:78

filterrl_count_attachmentsincludes\class-folders.php:79

filterupload_post_paramsincludes\class-folders.php:473

actionadmin_print_stylesincludes\class-folders.php:1783

actionwp_enqueue_scriptsincludes\class-frontend.php:40

actionwp_enqueue_scriptsincludes\class-frontend.php:41

actionrl_before_galleryincludes\class-frontend.php:42

actionrl_after_galleryincludes\class-frontend.php:43

filterrl_gallery_container_classincludes\class-frontend.php:46

filterthe_contentincludes\class-frontend.php:47

filterthe_contentincludes\class-frontend.php:48

filterwp_get_attachment_linkincludes\class-frontend.php:49

filterget_comment_textincludes\class-frontend.php:50

filterdynamic_sidebar_paramsincludes\class-frontend.php:51

filterrl_widget_outputincludes\class-frontend.php:52

filterpost_galleryincludes\class-frontend.php:53

filterpost_galleryincludes\class-frontend.php:54

filterpost_galleryincludes\class-frontend.php:55

filterpost_galleryincludes\class-frontend.php:56

filterpost_galleryincludes\class-frontend.php:57

filtervc_shortcode_content_filter_afterincludes\class-frontend.php:60

filterwoocommerce_single_product_image_htmlincludes\class-frontend.php:63

filterwoocommerce_single_product_image_thumbnail_htmlincludes\class-frontend.php:64

actionwoocommerce_product_thumbnailsincludes\class-frontend.php:1328

actioninitincludes\class-galleries.php:67

actionadmin_initincludes\class-galleries.php:68

actioncurrent_screenincludes\class-galleries.php:69

actionedit_form_after_titleincludes\class-galleries.php:70

actionadmin_footerincludes\class-galleries.php:71

actioncustomize_controls_print_footer_scriptsincludes\class-galleries.php:72

actionmedia_buttonsincludes\class-galleries.php:73

actionadd_meta_boxes_rl_galleryincludes\class-galleries.php:74

actionsave_post_rl_galleryincludes\class-galleries.php:75

actionmanage_rl_gallery_posts_custom_columnincludes\class-galleries.php:76

actionadmin_action_duplicate_galleryincludes\class-galleries.php:77

action_wp_put_post_revisionincludes\class-galleries.php:84

actiondelete_attachmentincludes\class-galleries.php:85

actionshutdownincludes\class-galleries.php:86

actionwp_loadedincludes\class-galleries.php:87

filtermanage_rl_gallery_posts_columnsincludes\class-galleries.php:90

filteradmin_post_thumbnail_htmlincludes\class-galleries.php:91

filterpost_thumbnail_htmlincludes\class-galleries.php:92

filterpreview_post_linkincludes\class-galleries.php:93

filterpost_row_actionsincludes\class-galleries.php:94

filterredirect_post_locationincludes\class-galleries.php:97

filterget_post_metadataincludes\class-galleries.php:332

filterwp_insert_attachment_dataincludes\class-galleries.php:933

filterwp_insert_attachment_dataincludes\class-galleries.php:963

filterwp_insert_attachment_dataincludes\class-galleries.php:1041

actionsave_post_rl_galleryincludes\class-galleries.php:1620

filterrl_count_attachmentsincludes\class-multilang.php:51

actionadmin_initincludes\class-multilang.php:72

actionadmin_initincludes\class-multilang.php:78

filtersetup_themeincludes\class-multilang.php:81

filterrl_root_folder_query_argsincludes\class-multilang.php:82

filterrl_gallery_query_argsincludes\class-multilang.php:83

filterrl_folders_query_argsincludes\class-multilang.php:84

filterrl_get_gallery_images_attachmentsincludes\class-multilang.php:85

filterrl_folders_media_folder_urlincludes\class-multilang.php:86

filterrl_remote_library_provider_fieldsincludes\class-remote-library-api.php:71

filterrl_remote_library_settingsincludes\class-remote-library-api.php:74

filterrl_remote_library_queryincludes\class-remote-library-api.php:77

actionadmin_enqueue_scriptsincludes\class-remote-library.php:39

filterimage_send_to_editorincludes\class-remote-library.php:42

actionadmin_menuincludes\class-settings-api.php:57

actionadmin_initincludes\class-settings-api.php:58

actionadmin_enqueue_scriptsincludes\class-settings-api.php:59

actionadmin_initincludes\class-settings-api.php:62

actionadmin_enqueue_scriptsincludes\class-settings-api.php:63

filterrl_settings_pagesincludes\class-settings-pages.php:21

actionafter_setup_themeincludes\class-settings.php:79

actionadmin_initincludes\class-settings.php:80

actionadmin_menuincludes\class-settings.php:81

actionrl_settings_sidebarincludes\class-settings.php:82

filterparent_fileincludes\class-settings.php:83

filtersubmenu_fileincludes\class-settings.php:84

filterrl_settings_dataincludes\class-settings.php:87

actionadmin_initincludes\class-tour.php:22

actionadmin_enqueue_scriptsincludes\class-tour.php:79

actionadmin_print_footer_scriptsincludes\class-tour.php:80

actionadmin_menuincludes\class-welcome.php:22

actionadmin_headincludes\class-welcome.php:23

actionadmin_initincludes\class-welcome.php:24

actionwidgets_initincludes\class-widgets.php:22

filtersafe_style_cssincludes\class-widgets.php:737

actionadd_meta_boxes_rl_galleryincludes\galleries\class-gallery-api.php:76

actionadmin_enqueue_scriptsincludes\galleries\class-gallery-api.php:79

filterrl_gallery_settings_tabsincludes\galleries\class-gallery-base.php:44

actionrl_before_galleryincludes\galleries\trait-gallery-image-methods.php:563

actionrl_after_galleryincludes\galleries\trait-gallery-image-methods.php:565

actionrl_before_galleryincludes\galleries\trait-gallery-image-methods.php:567

actionrl_after_galleryincludes\galleries\trait-gallery-image-methods.php:568

filterrl_remote_library_query_last_pageincludes\providers\class-wikimedia.php:64

filterrl_settings_dataincludes\settings\class-settings-base.php:45

actionupgrader_process_completeresponsive-lightbox.php:402

actionplugins_loadedresponsive-lightbox.php:403

actionin_admin_headerresponsive-lightbox.php:404

actionafter_setup_themeresponsive-lightbox.php:405

actioninitresponsive-lightbox.php:406

actioninitresponsive-lightbox.php:407

actioninitresponsive-lightbox.php:408

actioninitresponsive-lightbox.php:409

actionadmin_initresponsive-lightbox.php:410

actionwp_enqueue_scriptsresponsive-lightbox.php:411

actionadmin_enqueue_scriptsresponsive-lightbox.php:412

actionsidebar_admin_setupresponsive-lightbox.php:413

actionadmin_footerresponsive-lightbox.php:414

filterplugin_row_metaresponsive-lightbox.php:420

actionadmin_print_scriptsresponsive-lightbox.php:822

actionadmin_noticesresponsive-lightbox.php:892

actionnetwork_admin_noticesresponsive-lightbox.php:895

actionpre_get_postsresponsive-lightbox.php:1316

filterpost_updated_messagesresponsive-lightbox.php:1318

actionenqueue_block_editor_assetsresponsive-lightbox.php:1729

filterblock_categories_allresponsive-lightbox.php:1733

filterblock_categoriesresponsive-lightbox.php:1735

Maintenance & Trust

Responsive Lightbox & Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 12, 2026

PHP min version7.0

Downloads6.5M

Community Trust

Rating98/100

Number of ratings1,994

Active installs100K

Alternatives

Responsive Lightbox & Gallery Alternatives

Lightbox & Modal Popup WordPress Plugin – FooBox

foobox-image-lightbox

A responsive image lightbox for WordPress galleries, WordPress attachments & FooGallery

100K 5 CVEs

Lightbox with PhotoSwipe

lightbox-photoswipe

100

Integration of PhotoSwipe (http://photoswipe.com) for WordPress.

20K No CVEs

Cleaner Gallery

cleaner-gallery

A cleaner WordPress [gallery] that integrates with multiple Lightbox-type scripts.

2K No CVEs

Gallery Block by Galleryberg: Lightbox with Tiles, Masonry, Square, & Justified Layouts

galleryberg-gallery-block

100

A powerful and customizable gallery block for WordPress.

1K No CVEs

PhotoSwipe

photo-swipe

A very light implementation of PhotoSwipe javascript plugin for WordPress

1K No CVEs

Developer Profile

Responsive Lightbox & Gallery Developer Profile

dFactory

12 plugins · 357K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

251 days

View full developer profile

Detection Fingerprints

How We Detect Responsive Lightbox & Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/responsive-lightbox/assets/css/responsive-lightbox.css/wp-content/plugins/responsive-lightbox/assets/js/jquery.prettyPhoto.js/wp-content/plugins/responsive-lightbox/assets/js/jquery.swipebox.min.js/wp-content/plugins/responsive-lightbox/assets/js/jquery.nivo.slider.js/wp-content/plugins/responsive-lightbox/assets/js/imagelightbox.js/wp-content/plugins/responsive-lightbox/assets/js/tosrus.min.js/wp-content/plugins/responsive-lightbox/assets/js/featherlight.min.js/wp-content/plugins/responsive-lightbox/assets/js/magnific.min.js+3 more

Generator Patterns

Responsive Lightbox & Gallery

Script Paths

/wp-content/plugins/responsive-lightbox/assets/js/responsive-lightbox.js

Version Parameters

/wp-content/plugins/responsive-lightbox/assets/css/responsive-lightbox.css?ver=/wp-content/plugins/responsive-lightbox/assets/js/responsive-lightbox.js?ver=

HTML / DOM Fingerprints

CSS Classes

rl-gallery-itemrl-gallery-captionrl-gallery-title

HTML Comments

+1 more

Data Attributes

data-rl-gallerydata-rl-gallery-iddata-rl-item-iddata-rl-captiondata-rl-title

JS Globals

ResponsiveLightboxConfigRLGallery

REST Endpoints

/wp-json/responsive-lightbox/v1/galleries/wp-json/responsive-lightbox/v1/settings

Shortcode Output

[responsive_lightbox_gallery[responsive_gallery

FAQ

Responsive Lightbox & Gallery Security & Risk Analysis

Is Responsive Lightbox & Gallery Safe to Use in 2026?

Generally Safe

Key Concerns

Responsive Lightbox & Gallery Security Vulnerabilities

CVEs by Year

Severity Breakdown

Responsive Lightbox & Gallery Release Timeline

Responsive Lightbox & Gallery Code Analysis

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Responsive Lightbox & Gallery Attack Surface

AJAX Handlers 21

Shortcodes 1

Responsive Lightbox & Gallery Maintenance & Trust

Maintenance Signals

Community Trust

Responsive Lightbox & Gallery Alternatives

Lightbox & Modal Popup WordPress Plugin – FooBox

Lightbox with PhotoSwipe

Cleaner Gallery

Gallery Block by Galleryberg: Lightbox with Tiles, Masonry, Square, & Justified Layouts

PhotoSwipe

Responsive Lightbox & Gallery Developer Profile

How We Detect Responsive Lightbox & Gallery

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Responsive Lightbox & Gallery