Vulnerabilities and security researches forstagtools stagtools

Jun 07, 2024

CVE, Research URL: CVE-2023-41868
Home page URL: Security reports for StagTools
Application: StagTools
Date: Sep 26, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ram Ratan Maurya, Codestag StagTools plugin <= 2.3.7 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-0891
Home page URL: Security reports for StagTools
Application: StagTools
Date: May 02, 2023
Research Description: The StagTools WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions: Min -, max -.
Status: vulnerable

Sep 07, 2025

CVE, Research URL: CVE-2025-58814
Home page URL: Security reports for StagTools
Application: StagTools
Date: Sep 05, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ram Ratan Maurya Stagtools allows Stored XSS. This issue affects Stagtools: from n/a through 2.3.8.
Affected versions: Min -, max -.
Status: vulnerable