Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Network-delivered reflected XSS requiring no privileges but mandatory victim click; scope changes to victim browser enabling limited confidentiality and integrity impact with no availability impact.
Primary rating from Vendor (Wordfence).
CVSS VectorVendor: Wordfence
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'stag' parameter in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
AnalysisAI
Reflected Cross-Site Scripting in the Mang Board WP WordPress plugin (all versions through 2.3.4) allows unauthenticated attackers to inject arbitrary JavaScript via the unsanitized 'stag' parameter, which executes in the browser of any user who clicks a crafted link. Wordfence's source-level analysis identifies the flaw spanning multiple plugin files including _header.php, func.board.php, and class.store.php. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The victim must actively navigate to a crafted URL containing the malicious 'stag' parameter value - this mandatory user interaction (UI:R in the CVSS vector) is the primary limiting factor. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 6.1 (Medium) with vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N accurately characterizes the profile: network-accessible with no complexity or privilege prerequisites on the attacker side, but gated by required user interaction (UI:R). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker identifies a WordPress site running Mang Board WP 2.3.4 or earlier, then constructs a board page URL embedding a JavaScript payload in the 'stag' parameter and delivers it to a site administrator via a phishing email or social engineering. When the administrator clicks the link, the injected script executes in their authenticated browser session, enabling the attacker to steal session cookies, capture credentials, or perform privileged WordPress admin actions on the victim's behalf. |
| Remediation | Update the Mang Board WP plugin beyond version 2.3.4; a fix is available in WordPress SVN changeset 3598739 (https://plugins.trac.wordpress.org/changeset?reponame=&old=3598739%40mangboard&new=3598739%40mangboard), though the exact version number of the released patched build is not stated in available input data and should be verified in the WordPress plugin directory or via the Wordfence advisory at https://www.wordfence.com/threat-intel/vulnerabilities/id/0f42b2be-2a7d-470a-896d-6148e31e4cce before updating. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42538
GHSA-pm92-5rp3-r8mg