Mang Board Wp
Monthly
Reflected Cross-Site Scripting in the Mang Board WP WordPress plugin (all versions through 2.3.4) allows unauthenticated attackers to inject arbitrary JavaScript via the unsanitized 'stag' parameter, which executes in the browser of any user who clicks a crafted link. Wordfence's source-level analysis identifies the flaw spanning multiple plugin files including _header.php, func.board.php, and class.store.php. No active exploitation has been identified (not in CISA KEV) and no EPSS score was provided, but the PR:N/UI:R profile makes this a viable phishing-assisted attack against WordPress site administrators and editors.
Reflected Cross-Site Scripting in the Mang Board WP WordPress plugin (all versions through 2.3.4) allows unauthenticated attackers to inject arbitrary JavaScript via the unsanitized 'stag' parameter, which executes in the browser of any user who clicks a crafted link. Wordfence's source-level analysis identifies the flaw spanning multiple plugin files including _header.php, func.board.php, and class.store.php. No active exploitation has been identified (not in CISA KEV) and no EPSS score was provided, but the PR:N/UI:R profile makes this a viable phishing-assisted attack against WordPress site administrators and editors.