PT-2026-24925 · Undefined · Undefined
Krugov Artyom · Published 2026-03-12 · Updated 2026-03-12 · CVE-2026-2687
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Reading progressbar WordPress plugin versions prior to 1.3.1
Description
The Reading progressbar WordPress plugin does not properly sanitise and escape certain settings. This could allow users with high privileges, such as administrators, to carry out Stored Cross-Site Scripting (XSS) attacks. This is possible even when the unfiltered_html capability is disabled, for example, in a multisite setup. Stored XSS occurs when malicious scripts are persistently stored on the target server, allowing them to be delivered to other users who access the affected content.
Recommendations
Update the Reading progressbar WordPress plugin to version 1.3.1 or later.
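For plugin authors reviewing their own settings code, the class of flaw described above is shown here as an added example, which is not code from the Reading progressbar plugin or from this advisory: a setting saved and printed as-is, beside the sanitise-on-save and escape-on-output form. The option name, settings group, function names and the choice of a colour setting are hypothetical.

```php
<?php
/**
 * Plugin Name: Example bar settings (hypothetical, for illustration only)
 */

// Hypothetical option name; not taken from the Reading progressbar plugin.
const EXAMPLE_OPT = 'example_bar_color';

// --- Weak pattern: the stored value is printed without escaping ----------
function example_render_field_weak() {
    $value = get_option( EXAMPLE_OPT, '' );
    // Any markup stored in the option is parsed by the browser here.
    echo '<input type="text" name="' . EXAMPLE_OPT . '" value="' . $value . '">';
}

// --- Hardened pattern: sanitise on save, escape on output ----------------
function example_sanitize_color( $input ) {
    // Accept only a hex colour; anything else falls back to a safe default.
    $color = sanitize_hex_color( (string) $input );
    return $color ? $color : '#000000';
}

add_action( 'admin_init', function () {
    // The sanitize callback runs on every save, whatever the user's capabilities.
    register_setting( 'example_bar_group', EXAMPLE_OPT, array(
        'type'              => 'string',
        'sanitize_callback' => 'example_sanitize_color',
        'default'           => '#000000',
    ) );
} );

function example_render_field_safe() {
    $value = get_option( EXAMPLE_OPT, '#000000' );
    printf(
        '<input type="text" name="%s" value="%s">',
        esc_attr( EXAMPLE_OPT ),
        esc_attr( $value )
    );
}

// Front-end output: validate and escape again at the point of use, so a
// value written before the fix (or directly into the database) stays inert.
add_action( 'wp_head', function () {
    $color = example_sanitize_color( get_option( EXAMPLE_OPT, '#000000' ) );
    printf( '<style>.example-bar{background:%s}</style>', esc_attr( $color ) );
} );
```

WordPress core does not filter option values on behalf of a plugin, so removing unfiltered_html from a role does not protect settings that the plugin itself neither sanitises nor escapes.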
Exploit
Fix
XSS