# Exploit Title: WordPress Plugin Circle progress bar – Cross site scripting-Stored # Date: 2-06-2023 # Exploit Author: Taliya Bilal- NightHawk # Vendor Homepage: https://wordpress.org/plugins/circle-progress-bar/ # Version: 1.0 # Tested on: Firefox # Contact me: taliyabilal765@gmail.com # Steps to reproduce: 1. Install Circle progress bar and activate plugin. 2. Navigate to Circle progress bar plugin. 3. Fill the title field with xss payload <img src=x onerror=alert(1)> 4. Click the option preview post. Here the popup will appear. #Screenshot:https://freeimage.host/i/Hrbmskvhttps://freeimage.host/i/Hrbmy4n