Vulnerabilities and security researches forstaggs staggs

Jun 07, 2024

CVE, Research URL: 464ca8032e25f0c45c00716200d65de0e06dd458
Home page URL: Security reports for Staggs – Product configurator for WooCommerce
Application: Staggs – Product configurator for WooCommerce
Date: Jul 18, 2023
Research Description: Staggs – Product configurator for WooCommerce [staggs] < 1.4.2 WordPress Staggs Product Configurator for WooCommerce Plugin < 1.4.2 is vulnerable to Cross Site Scripting (XSS) Update the plugin to the latest version. Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Staggs Product Configurator for WooCommerce Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.4.2.
Affected versions: Min -, max -.
Status: vulnerable

Dec 15, 2024

CVE, Research URL: CVE-2024-54342
Home page URL: Security reports for Staggs – Product configurator for WooCommerce
Application: Staggs – Product configurator for WooCommerce
Date: Dec 13, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in STAGGS Staggs Product Configurator for WooCommerce allows Reflected XSS.This issue affects Staggs Product Configurator for WooCommerce: from n/a through 2.0.0.
Affected versions: Min -, max -.
Status: vulnerable

May 24, 2025

CVE, Research URL: CVE-2025-47637
Home page URL: Security reports for Staggs – Product configurator for WooCommerce
Application: Staggs – Product configurator for WooCommerce
Date: May 23, 2025
Research Description: Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS allows Upload a Web Shell to a Web Server. This issue affects STAGGS: from n/a through 2.11.0.
Affected versions: Min -, max -.
Status: vulnerable