CVE-2016-10865

The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt