PT-2026-23835 · WordPress · Wp App Bar
Bhumividh Treloges
·
Publicado
2026-03-07
·
Atualizado
2026-03-12
·
CVE-2026-1074
CVSS v3.1
7.2
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WP App Bar plugin for WordPress versions up to and including 1.5
Description
The WP App Bar plugin for WordPress is susceptible to Stored Cross-Site Scripting through the
app-bar-features parameter. This is a result of inadequate input sanitization and output escaping, coupled with a missing authorization check within the App Bar Settings class constructor. This allows unauthenticated attackers to inject arbitrary web scripts into multiple plugin settings, which will then execute when a user accesses the admin settings page.Recommendations
Update the WP App Bar plugin to a version newer than 1.5.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Wp App Bar