The DOM XSS vulnerability in the “prettyPhoto” JS library we are using in our StarLite Pretty Photo extension, was discovered by a 3rd-Pty and publicly disclosed some months ago on many websites, here one of the examples: https://www.saotn.org/prettyphoto-dom-based-xss/

A solution in our case is pretty easy with help of https://github.com/scaron/prettyphoto/issues/149, we’ve just replaced the JS library with latest version 3.1.6 and tested, now the StarLite Pretty Photo is free from the DOM XSS vulnerability. This fix is applied to StarLite Pretty Photo version 1.3, so we urge you to update your existing StarLite Pretty Photo plugin to the newer version.

Click here to download the StarLite Pretty Photo version 1.3