cleantalk
Vulnerabilities and Security Researches

Responsive Progress Bar, CVE-2025-11883

CVE, Research URL

CVE-2025-11883

Home page URL

Security reports for Responsive Progress Bar

Application

Responsive Progress Bar

Published on
Oct 22, 2025
Research Description
The Responsive Progress Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rprogress shortcode in versions less than, or equal to, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.0.
Status
vulnerable
Previous vulnerability researches
Web Accessibility By accessiBe (CVE-2025-26981) , Feb 26, 2025
Web Accessibility By accessiBe (CVE-2025-49920) , Nov 10, 2025
Web Accessibility By accessiBe (CVE-2025-10375) , Nov 10, 2025
Web Accessibility By accessiBe (151e736d05eec320b4def08cf3fffb534b42ed58) , Jun 06, 2024
New vulnerability
WP Easy Toggles (CVE-2025-10190) , Nov 11, 2025
Blockspare – Expert Starter Templates Library and Gutenberg Blocks for Stunning Blogs, News, Magazines, and Agency Sites. (CVE-2025-62026) , Nov 11, 2025
WPC Smart Messages for WooCommerce (CVE-2025-62903) , Nov 11, 2025
Popular Posts by Webline (CVE-2025-62900) , Nov 11, 2025
Simple Youtube Shortcode (CVE-2025-11811) , Nov 11, 2025