cleantalk
Vulnerabilities and Security Researches

StagTools, CVE-2023-0891

CVE, Research URL

CVE-2023-0891

Home page URL

Security reports for StagTools

Application

StagTools

Published on
May 02, 2023
Research Description
The StagTools WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
Min -, max 2.3.7.
Status
vulnerable
Previous vulnerability researches
StagTools (CVE-2025-58814) , Sep 07, 2025
StagTools (CVE-2023-41868) , Jun 07, 2024
StagTools (CVE-2023-0891) , Jun 07, 2024
New vulnerability
Zakra (CVE-2025-8595) , Sep 15, 2025
PDF Embedder , Sep 11, 2025
Pixeline's Email Protector (CVE-2025-58982) , Sep 11, 2025
Include Me (CVE-2025-58983) , Sep 11, 2025
PagSeguro / PagBank Connect (CVE-2025-10142) , Sep 11, 2025