CVE-2025-5703
- EPSS 0.04%
- Veröffentlicht 06.06.2025 06:42:50
- Zuletzt bearbeitet 15.07.2025 17:15:17
The StageShow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘anchor’ parameter in all versions up to, and including, 10.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2024-13705
- EPSS 0.52%
- Veröffentlicht 30.01.2025 14:15:36
- Zuletzt bearbeitet 31.01.2025 18:17:10
The StageShow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 9.8.6. This makes it possible for unauthenticated atta...
CVE-2015-5461
- EPSS 17.79%
- Veröffentlicht 08.07.2015 16:59:04
- Zuletzt bearbeitet 12.04.2025 10:46:40
Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url param...