anonhaven
Ad

CVE-2026-2687

NONE
Updated Mar 12, 2026
WordPress
Parameter Value
Affected Versions before 1.3.1
Vendor WordPress
Public PoC No

The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

References 1

https://wpscan.com/vulnerability/af2e1249-2b69-47b6-85aa-9a6b30c51936/
contact@wpscan.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2025-15473

WordPress

None

CVE-2026-3657

WordPress

7.5

CVE-2026-3226

WordPress

4.3

CVE-2026-3496

WordPress

7.5

CVE-2026-3178

WordPress

7.2