Key Vulnerability Information

Vulnerability type: Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library
CVE ID: CVE-2025-5092
CVSS score and severity: 6.4 (Medium)
Publicly published: 2025-11-19
Last updated: 2025-11-20
Researcher: Webbernat

Affected packages:
1. Gallery with thumbnail slider (Plugin) - <= 7.8 (unpatched)
2. Ibtana – WordPress Website Builder (Plugin) - <= 1.2.5.1 (patched in version 1.2.5.2)
3. Image Hover Effects Ultimate (Plugin) - <= 9.10.5 (unpatched)
4. LightGallery WP (Plugin) - <= 1.0.5 (unpatched)
5. OnePress (Theme) - <= 2.3.15 (unpatched)
6. Portfolio, Gallery, Product Catalog – Grid KIT (Plugin) - <= 2.2.1 (patched in version 2.2.2)
7. Royal Addons for Elementor – Addons and Templates Kit for Elementor (Plugin) - <= 1.7.1031 (patched in version 1.7.1032)
8. TP WooCommerce Product Gallery (Plugin) - <= 1.1.9 (patched in version 2.0.0)

Remediation: For unpatched packages, update to the latest version promptly or find an alternative.