CVE-2026-28034 WordPress Progress theme <= 1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Progress progress allows PHP Local File Inclusion.This issue affects Progress: from n/a through = 1.2...

CVE-2026-28034

CVE-2026-28034 : An improper control of filename for include/require statements in PHP ('PHP Remote File Inclusion') affects the ThemeREX Progress WordPress theme, specifically Progress versions

WordPress Progress theme <= 1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Progress versions = 1.2...

CVE-2025-47441 WordPress Progress Bar plugin <= 2.2.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Reynolds Progress Bar progress-bar allows Stored XSS.This issue affects Progress Bar: from n/a through = 2.2.3...

CVE-2025-47441 WordPress Progress Bar plugin <= 2.2.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Reynolds Progress Bar progress-bar allows Stored XSS.This issue affects Progress Bar: from n/a through = 2.2.3...

CVE-2025-23892 WordPress Progress Tracker plugin <= 0.9.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alex Furr Progress Tracker progress-tracker allows DOM-Based XSS.This issue affects Progress Tracker: from n/a through = 0.9.3...

CVE-2025-23892

CVE-2025-23892 affects Progress Tracker (WordPress plugin). Description from connected sources confirms a DOM-based XSS flaw caused by improper input neutralization, affecting Progress Tracker versions up to 0.9.3. Red Hat and Wordfence entries corroborate the vulnerability and indicate the patch...

WordPress Progress Planner Plugin <= 0.9.1 is vulnerable to Broken Access Control

Software Progress Planner Type Plugin Vulnerable versions = 0.9.1 Fixed in 0.9.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37411 Patch priority Low CVSS severity Low 5.3 Developer Emilia Projects PSID ebabbb98b307 Credits Djennez Required privilege...

WordPress Progress Planner Plugin <= 0.9.2 is vulnerable to Cross Site Scripting (XSS)

Software Progress Planner Type Plugin Vulnerable versions = 0.9.2 Fixed in 0.9.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37422 Patch priority Medium CVSS severity Medium 6.5 Developer Emilia Projects PSID ae1b0a295095 Credits justakazh Required privilege...