
30 matches found

OSV
added 2026/06/04 9:56 a.m., 6 views

ROOT-APP-NPM-CVE-2023-26133 CVE-2023-26133 in @rootio/progressbar.js - Patched by Root

Root has patched CVE-2023-26133 in the @rootio/progressbar.js package for Root:npm. Multiple fixed versions available...

CVSS 9.8, AI score 5.8, EPSS 0.01251
Exploits: 1
RedhatCVE
added 2026/03/26 3:16 p.m., 3 views

CVE-2026-2687

The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.3, AI score 5.8, EPSS 0.00138
Exploits: 0, References: 1
Patchstack
added 2026/03/12 11:12 p.m., 6 views

WordPress Reading progressbar plugin < 1.3.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Reading progressbar versions < 1.3.1...

CVSS 4.3, AI score 5.8, EPSS 0.00138
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2026/03/12 6:31 a.m., 3 views

EUVD-2026-11531

The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.3, AI score 5.8, EPSS 0.00138
Exploits: 0, References: 2
NVD
added 2026/03/12 6:16 a.m., 4 views

CVE-2026-2687

The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.3, EPSS 0.00138
Exploits: 0, References: 1
CVE
added 2026/03/12 6:0 a.m., 11 views

CVE-2026-2687

CVE-2026-2687 affects the WordPress plugin Reading progressbar prior to 1.3.1. The vulnerability arises because the plugin does not sanitize and escape certain settings, which could allow stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisi...

CVSS 4.3, AI score 5.8, EPSS 0.00138
Exploits: 0, References: 1
Cvelist
added 2026/03/12 6:0 a.m., 27 views

CVE-2026-2687 Reading progressbar < 1.3.1 - Admin+ Stored XSS

The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

EPSS 0.00138
Exploits: 0, References: 1
Vulnrichment
added 2026/03/12 6:0 a.m., 5 views

CVE-2026-2687 Reading progressbar < 1.3.1 - Admin+ Stored XSS

The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 5.8, EPSS 0.00138
Exploits: 0, References: 1
ATTACKERKB
added 2026/03/12 6:0 a.m., 4 views

CVE-2026-2687

The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 5.8, EPSS 0.00138
Exploits: 0, References: 1
Positive Technologies
added 2026/03/12 12:0 a.m., 5 views

PT-2026-24925

The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed for example in multisite setup...

AI score 5.8, EPSS 0.00138
Exploits: 0, References: 2
CNNVD
added 2026/03/12 12:0 a.m., 4 views

WordPress plugin Reading progressbar security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3, AI score 5.7, EPSS 0.00138
Exploits: 0, References: 1
CVE
added 2025/12/13 4:31 a.m., 14 views

CVE-2025-7058

CVE-2025-7058 affects the WordPress theme Kingcabs. The vulnerability is a Stored Cross‑Site Scripting (XSS) in the progressbarLayout parameter present in versions up to 1.1.9. Exploitation requires authenticated access at Contributor level or higher; an attacker can inject scripts that execute ...

CVSS 6.4, AI score 4.8, EPSS 0.00181
Exploits: 0, References: 3
Cvelist
added 2025/12/13 4:31 a.m., 23 views

CVE-2025-7058 Kingcabs <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Parameter

The Kingcabs theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘progressbarLayout’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 6.4, EPSS 0.00181
Exploits: 0, References: 3
EUVD
added 2025/11/24 11:2 p.m., 4 views

EUVD-2025-199130

Malicious code in @tiaanduplessis/react-progressbar npm...

AI score 6.6
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/11/24 11:2 p.m., 6 views

Malicious code in @tiaanduplessis/react-progressbar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c18eaaf382ded7fad4b78f8d9f3a489ac24d4482bdb989fe5dabea0e17c36902 The package @tiaanduplessis/react-progressbar was found to contain malicious code. Source: ghsa-malware...

AI score 6.9
Exploits: 0, References: 4
OSV
added 2025/11/24 11:2 p.m., 3 views

MAL-2025-191057 Malicious code in @tiaanduplessis/react-progressbar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c18eaaf382ded7fad4b78f8d9f3a489ac24d4482bdb989fe5dabea0e17c36902 The package @tiaanduplessis/react-progressbar was found to contain malicious code. Source: ghsa-malware...

AI score 6.8
Exploits: 0, References: 4
vulnersOsv
added 2025/11/24 4:24 p.m., 4 views

@lessondesk/schoolbus (>=3.0.43 <=5.2.1) potentially affected by unknown CVE via @tiaanduplessis/react-progressbar (=1.0.0)

@tiaanduplessis/react-progressbar NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @tiaanduplessis/react-progressbar and may be impacted: - @lessondesk/schoolbus >=3.0.43, <=5.2.1 Source cves: unknown CVE Source advisory:...

AI score 5.8
Exploits: 0
OSV
added 2024/11/23 10:15 a.m., 3 views

CVE-2024-11199

The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rescue_progressbar shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.4, AI score 6, EPSS 0.00951
Exploits: 0, References: 4
Patchstack
added 2024/11/23 5:17 a.m., 3 views

WordPress Rescue Shortcodes plugin <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via rescue_progressbar Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via rescue_progressbar Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Rescue Shortcodes versions <= 2.9...

CVSS 6.4, AI score 5.8, EPSS 0.00951
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2024/11/23 12:0 a.m., 3 views

WordPress plugin Rescue Shortcodes cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.4, AI score 7.5, EPSS 0.00951
Exploits: 0, References: 4