VulnerAlert



WORDPRESS
12-03-2026 03:20

CVE-2026-2687 Documented vulnerability

No score
Tags
#wordpress
#site
#plugin
#cross
#lte
#form
#cross-site
#admin
#/admin(.*)lte/iU
#admin lte
#cross-site scripting
#scripting
#privilege
#allow
#attack
Description
The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
https://wpscan.com/vulnerability/af2e1249-2b69-47b6-85aa-9a6b30c51936/
Reference
External link

Source
https://nvd.nist.gov/vuln/detail/CVE-2026-2687
Similar results
Matching at least 50% of the tags
12-03-2026 CVE-2025-15473
The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, al...
11-03-2026 CVE-2026-3534
The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `ast-page-ba...
This project was co-financed by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023