Stored Cross-Site Scripting Vulnerability in RPB Chessboard Plugin for WordPress
CVE-2026-13042
7.2HIGH
What is CVE-2026-13042?
The RPB Chessboard plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping in comment content. Unauthenticated attackers can exploit this weakness to inject arbitrary web scripts into pages. These scripts execute when users access the compromised pages, potentially leading to serious security risks. The issue persists despite WordPress's built-in kses sanitization because the crafted payload uses allowed tags and attributes, allowing the plugin's comment_text filter to synthesize dangerous content upon page rendering.
Affected Version(s)
RPB Chessboard 0 <= 8.1.2