5 matches found
CVE-2024-13705
The StageShow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 9.8.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...
CVE-2024-13705
creationtimestamp| type| source ---|---|--- 2025-01-30 14:17:28+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxoezpdiq2c 2025-01-30 15:32:04+00:00| seen| https://infosec.exchange/users/cve/statuses/113918025661122768 2025-01-30 16:46:19+00:00| seen|...
CVE-2024-13705
The StageShow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 9.8.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...
CVE-2024-13705 StageShow <= 9.8.6 - Reflected Cross-Site Scripting
The StageShow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 9.8.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...
CVE-2024-13705
The CVE-2024-13705 entry concerns the WordPress StageShow plugin. Affected versions are all 9.8.6 and earlier, with the root cause being insufficient escaping of the URL when using remove_query_arg, enabling reflected XSS. Public details from connected sources indicate the issue persists up to 9....