PT-2026-24925 · Undefined · Undefined
Krugov Artyom
·
Publicado
2026-03-12
·
Atualizado
2026-03-12
·
CVE-2026-2687
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Reading progressbar WordPress plugin versions prior to 1.3.1
Description
The Reading progressbar WordPress plugin does not properly sanitise and escape certain settings. This could allow users with high privileges, such as administrators, to carry out Stored Cross-Site Scripting (XSS) attacks. This is possible even when the
unfiltered html capability is disabled, for example, in a multisite setup. Stored XSS occurs when malicious scripts are persistently stored on the target server, allowing them to be delivered to other users who access the affected content.Recommendations
Update the Reading progressbar WordPress plugin to version 1.3.1 or later.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Undefined