VYPR

Stageshow

by WordPress

Source repositories

CVEs (3)

  • CVE-2025-5703MedJun 6, 2025
    risk 0.42cvss 6.4epss 0.00

    The StageShow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘anchor’ parameter in all versions up to, and including, 10.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2024-13705MedJan 30, 2025
    risk 0.33cvss 6.1epss 0.00

    The StageShow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 9.8.6. This makes it possible for unauthenticated attackers to inject arbitrary web…

  • CVE-2015-5461Jul 8, 2015
    risk 0.01cvss epss 0.06

    Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.