Stored Cross-Site Scripting Vulnerability in RPB Chessboard Plugin for WordPress
CVE-2026-13042

7.2HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
16 July 2026

What is CVE-2026-13042?

The RPB Chessboard plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping in comment content. Unauthenticated attackers can exploit this weakness to inject arbitrary web scripts into pages. These scripts execute when users access the compromised pages, potentially leading to serious security risks. The issue persists despite WordPress's built-in kses sanitization because the crafted payload uses allowed tags and attributes, allowing the plugin's comment_text filter to synthesize dangerous content upon page rendering.

Affected Version(s)

RPB Chessboard 0 <= 8.1.2

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

theviper17y
.