Skip to main content

Stageshow

2 CVEs product

Monthly

CVE-2025-5703 MEDIUM This Month

The StageShow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘anchor’ parameter in all versions up to, and including, 10.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Stageshow PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2015-5461 MEDIUM POC PATCH THREAT This Month

Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.8%.

WordPress PHP Open Redirect Stageshow
NVD
CVSS 2.0
6.4
EPSS
17.8%
EPSS 0% CVSS 6.4
MEDIUM This Month

The StageShow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘anchor’ parameter in all versions up to, and including, 10.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Stageshow +1
NVD
EPSS 18% CVSS 6.4
MEDIUM POC PATCH THREAT This Month

Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.8%.

WordPress PHP Open Redirect +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy