CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

26 matches found

NVD•added 2025/06/06 7:15 a.m.•7 views

CVE-2025-5703

The StageShow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘anchor’ parameter in all versions up to, and including, 10.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS0.00126EPSS

Exploits0References3

Vulnrichment•added 2025/06/06 6:42 a.m.•3 views

CVE-2025-5703 StageShow <= 10.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor Parameter

6.4CVSS5.9AI score0.00126EPSS

Exploits0References3

CVE•added 2025/06/06 6:42 a.m.•49 views

CVE-2025-5703

The connected Wordfence document confirms CVE-2025-5703 affects the StageShow WordPress plugin, with a Stored Cross-Site Scripting vulnerability via the anchor parameter in all versions up to 10.0.3, caused by insufficient input sanitization and output escaping. Exploitation requires authenticati...

6.4CVSS5.8AI score0.00126EPSS

Exploits0References3Affected Software1

Cvelist•added 2025/06/06 6:42 a.m.•5 views

CVE-2025-5703 StageShow <= 10.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor Parameter

6.4CVSS0.00126EPSS

Exploits0References3

CNNVD•added 2025/06/06 12:0 a.m.•1 views

WordPress plugin StageShow 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS6.1AI score0.00126EPSS

Exploits0References3

Positive Technologies•added 2025/06/06 12:0 a.m.•2 views

PT-2025-24046 · WordPress · Stageshow

Name of the Vulnerable Software and Affected Versions: StageShow plugin for WordPress versions up to, and including, 10.0.3 Description: The issue is related to Stored Cross-Site Scripting via the anchor parameter due to insufficient input sanitization and output escaping. This allows authenticat...

6.4CVSS5.7AI score0.00126EPSS

Exploits0References8

RedhatCVE•added 2025/05/23 7:34 a.m.•4 views

CVE-2024-13705

The StageShow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 9.8.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...

6.1CVSS6.4AI score0.00697EPSS

Exploits0References1

OSV•added 2025/01/30 2:15 p.m.•0 views

CVE-2024-13705

6.1CVSS5.9AI score

Exploits0References2

NVD•added 2025/01/30 2:15 p.m.•9 views

CVE-2024-13705

6.1CVSS0.00697EPSS

Exploits0References4

Vulnrichment•added 2025/01/30 1:41 p.m.•6 views

CVE-2024-13705 StageShow <= 9.8.6 - Reflected Cross-Site Scripting

6.1CVSS6.1AI score0.00697EPSS

Exploits0References4

Cvelist•added 2025/01/30 1:41 p.m.•9 views

CVE-2024-13705 StageShow <= 9.8.6 - Reflected Cross-Site Scripting

6.1CVSS0.00697EPSS

Exploits0References4

CVE•added 2025/01/30 1:41 p.m.•42 views

CVE-2024-13705

The CVE-2024-13705 entry concerns the WordPress StageShow plugin. Affected versions are all 9.8.6 and earlier, with the root cause being insufficient escaping of the URL when using remove_query_arg, enabling reflected XSS. Public details from connected sources indicate the issue persists up to 9....

6.1CVSS6AI score0.00697EPSS

Exploits0References4Affected Software1

Patchstack•added 2025/01/30 7:58 a.m.•3 views

WordPress StageShow plugin <= 9.8.6 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin StageShow versions = 9.8.6...

6.1CVSS6.3AI score0.00697EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/01/30 12:0 a.m.•2 views

PT-2025-2250 · WordPress · Stageshow

Name of the Vulnerable Software and Affected Versions: StageShow plugin for WordPress versions prior to 9.8.7 Description: The StageShow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove query arg without appropriate escaping on the URL. This allows...

6.1CVSS8.8AI score0.00697EPSS

Exploits0References6

CNNVD•added 2025/01/30 12:0 a.m.•1 views

WordPress plugin StageShow 跨站脚本漏洞

6.1CVSS8.2AI score0.00697EPSS

Exploits0References2

seebug.org•added 2015/09/24 12:0 a.m.•18 views

WordPress StageShow Plugin 'stageshow_redirect.php' 重定向漏洞

No description provided by source...

7.1AI score

Exploits0

CNVD•added 2015/07/09 12:0 a.m.•5 views

WordPress StageShow Plugin Open Redirect Vulnerability

WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Software Foundation, which supports the hosting of personal blogging sites on servers running PHP and MySQL.StageShow is one of the plugins that sells and validates tickets for theater or theater groups...

6.4CVSS6.7AI score0.1779EPSS

Exploits2References1

NVD•added 2015/07/08 4:59 p.m.•17 views

CVE-2015-5461

Open redirect vulnerability in the Redirect function in stageshowredirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter...

6.4CVSS6.7AI score0.1779EPSS

Exploits2References6

Prion•added 2015/07/08 4:59 p.m.•13 views

Open redirect

6.4CVSS7.1AI score0.1779EPSS

Exploits2References6Affected Software1

CVE•added 2015/07/08 4:0 p.m.•62 views

CVE-2015-5461

The CVE-2015-5461 entry maps to WordPress StageShow plugin prior to 5.0.9, which contains an open redirect vulnerability in the Redirect function (stageshow_redirect.php). A malicious URL in the url parameter can redirect users to arbitrary sites, enabling phishing attempts. Nuclei/WP template de...

6.4CVSS6.8AI score0.1779EPSS

Exploits2References6Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by