PT-2026-23835 · WordPress · Wp App Bar
Bhumividh Treloges
·
Published
2026-03-07
·
Updated
2026-03-12
·
CVE-2026-1074
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WP App Bar plugin for WordPress versions up to and including 1.5
Description
The WP App Bar plugin for WordPress is susceptible to Stored Cross-Site Scripting through the
app-bar-features parameter. This is a result of inadequate input sanitization and output escaping, coupled with a missing authorization check within the App Bar Settings class constructor. This allows unauthenticated attackers to inject arbitrary web scripts into multiple plugin settings, which will then execute when a user accesses the admin settings page.Recommendations
Update the WP App Bar plugin to a version newer than 1.5.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wp App Bar