Simple Lightbox Security & Risk Analysis

wordpress.org/plugins/simple-lightbox

The highly customizable lightbox for WordPress

100K active installs · v2.9.5 · PHP 5.6.20+ · WP 5.3+ · Updated Feb 24, 2026
gallery, image, lightbox, photography, slideshow
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 25, 2025
Safety Verdict

Is Simple Lightbox Safe to Use in 2026?

Generally Safe

Score 99/100

Simple Lightbox has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 25, 2025 · Updated 1mo ago
Risk Assessment

Based on static analysis, the Simple Lightbox plugin, version 2.9.5, has a generally good security posture. The analysis identified no unprotected AJAX handlers, REST API routes, shortcodes, or cron events, which significantly limits the entry points available to an attacker. The code also uses prepared statements for its SQL queries and escapes a reasonable percentage of its output, indicating that the developers are mindful of common web vulnerabilities. The presence of nonce and capability checks further suggests an effort to implement authorization and integrity measures.

Key Concerns

  • Medium severity vulnerability in history
  • Output escaping not fully implemented
Vulnerabilities: 1

Simple Lightbox Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-3516 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple Lightbox <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 25, 2025 Patched in 2.9.4 (36d)
Code Analysis
Analyzed Mar 16, 2026

Simple Lightbox Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 8 (25 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

76% escaped · 33 total outputs
Attack Surface

Simple Lightbox Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 52
action admin_menu controller.php:211
action wp controller.php:214
action wp_footer controller.php:230
action footer_script controller.php:231
filter footer_script controller.php:232
filter the_content controller.php:234
filter get_post_galleries controller.php:235
filter post_process_links controller.php:236
filter validate_uri_regex controller.php:237
filter pre_process_links controller.php:239
filter pre_exclude_content controller.php:240
filter post_process_links controller.php:241
filter get_group_id controller.php:245
filter the_content controller.php:250
action dynamic_sidebar_before controller.php:255
action dynamic_sidebar controller.php:256
filter dynamic_sidebar_params controller.php:257
action dynamic_sidebar_after controller.php:258
action dynamic_sidebar_after controller.php:259
action dynamic_sidebar_before controller.php:261
action dynamic_sidebar_after controller.php:262
filter wp_nav_menu controller.php:267
action reset controller.php:577
action wp_print_footer_scripts controller.php:1020
filter get_group_id controller.php:1597
filter is_content_valid controller.php:1691
action load-plugins.php includes\class-requirements-check.php:103
action admin_notices includes\class-requirements-check.php:143
action admin_menu includes\class.admin.php:84
action admin_notices includes\class.admin.php:90
filter plugin_row_meta includes\class.admin.php:94
filter site_transient_update_plugins includes\class.admin.php:96
filter admin_messages includes\class.admin_view.php:319
action init includes\class.base.php:277
action init includes\class.content_handlers.php:34
action footer includes\class.content_handlers.php:35
filter footer_script includes\class.content_handlers.php:36
action init includes\class.fields.php:28
action init includes\class.fields.php:30
action admin_print_footer_scripts includes\class.fields.php:96
action register_fields includes\class.options.php:56
action fields_registered includes\class.options.php:58
action build_init includes\class.options.php:60
action admin_page_render_content includes\class.options.php:62
filter admin_action_reset includes\class.options.php:63
action init includes\class.template_tags.php:34
action footer includes\class.template_tags.php:35
filter footer_script includes\class.template_tags.php:36
action init includes\class.themes.php:29
action footer includes\class.themes.php:32
filter footer_script includes\class.themes.php:33
action init main.php:45
Maintenance & Trust

Simple Lightbox Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 24, 2026
PHP min version: 5.6.20
Downloads: 3.0M

Community Trust

Rating: 86/100
Number of ratings: 236
Active installs: 100K
Developer Profile

Simple Lightbox Developer Profile

Archetyped

4 plugins · 150K total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 29 days
Detection Fingerprints

How We Detect Simple Lightbox

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-lightbox/js/simple-lightbox.min.js
/wp-content/plugins/simple-lightbox/css/simple-lightbox.min.css
Script Paths
/wp-content/plugins/simple-lightbox/js/simple-lightbox.min.js
Version Parameters
simple-lightbox/js/simple-lightbox.min.js?ver=
simple-lightbox/css/simple-lightbox.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
slb_container, slb_close, slb_prev, slb_next, slb_caption, slb_title, slb_description, slb_nav, +5 more
Data Attributes
data-slb-group, data-slb-active, data-slb-loop, data-slb-thumbnails, data-slb-theme, data-slb-title, +50 more
JS Globals
slb