VYPR

Topbar

by WordPress

Source repositories

CVEs (4)

  • CVE-2024-31928MedApr 11, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Darko Top Bar allows Stored XSS.This issue affects Top Bar: from n/a through 3.0.5.

  • CVE-2025-30581MedMar 24, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in PluginOps Top Bar ultimate-bar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top Bar: from n/a through <= 3.3.

  • CVE-2022-2629MedOct 10, 2022
    risk 0.31cvss 4.8epss 0.01

    The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is…

  • CVE-2025-10300MedOct 15, 2025
    risk 0.28cvss 4.3epss 0.00

    The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the fme_nb_topbar_save_settings() function. This makes it possible for unauthenticated attackers to…