cleantalk
Vulnerabilities and Security Researches

Staggs – Product configurator for WooCommerce, 464ca8032e25f0c45c00716200d65de0e06dd458

CVE, Research URL

464ca8032e25f0c45c00716200d65de0e06dd458

Home page URL

Security reports for Staggs – Product configurator for WooCommerce

Application

Staggs – Product configurator for WooCommerce

Published on
Jul 18, 2023
Research Description
Staggs &#8211; Product configurator for WooCommerce [staggs] < 1.4.2 WordPress Staggs Product Configurator for WooCommerce Plugin < 1.4.2 is vulnerable to Cross Site Scripting (XSS) Update the plugin to the latest version. Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Staggs Product Configurator for WooCommerce Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.4.2.
Affected versions
Min -, max 1.4.2.
Status
vulnerable
Previous vulnerability researches
Staggs &#8211; Product configurator for WooCommerce (CVE-2025-47637) , May 24, 2025
Staggs &#8211; Product configurator for WooCommerce (CVE-2024-54342) , Dec 15, 2024
Staggs &#8211; Product configurator for WooCommerce (464ca8032e25f0c45c00716200d65de0e06dd458) , Jun 07, 2024
New vulnerability
Page Builder: Pagelayer &#8211; Drag and Drop website builder (CVE-2025-4223) , May 25, 2025
Page Builder: Pagelayer &#8211; Drag and Drop website builder (CVE-2024-13427) , May 25, 2025
miniOrange Discord Integration (CVE-2025-47672) , May 25, 2025
4stats (CVE-2025-3869) , May 24, 2025
Verge3D Publishing and E-Commerce (CVE-2025-48241) , May 24, 2025