4 matches found
CVE-2026-1074
The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app-bar-features' parameter in all versions up to, and including, 1.5. This is due to insufficient input sanitization and output escaping combined with a missing authorization check in the AppBarSettings cla...
CVE-2026-1074 WP App Bar <= 1.5 - Unauthenticated Stored Cross-Site Scripting via 'app-bar-features' Parameter
The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app-bar-features' parameter in all versions up to, and including, 1.5. This is due to insufficient input sanitization and output escaping combined with a missing authorization check in the AppBarSettings cla...
CVE-2026-1074 WP App Bar <= 1.5 - Unauthenticated Stored Cross-Site Scripting via 'app-bar-features' Parameter
The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app-bar-features' parameter in all versions up to, and including, 1.5. This is due to insufficient input sanitization and output escaping combined with a missing authorization check in the AppBarSettings cla...
CVE-2026-1074
CVE-2026-1074 concerns the WP App Bar WordPress plugin. It describes a stored cross-site scripting (XSS) vulnerability via the app-bar-features parameter in all versions up to and including 1.5, caused by insufficient input sanitization and output escaping plus a missing authorization check in th...