Stored Cross-Site Scripting Vulnerability in StageShow Plugin for WordPress
CVE-2025-5703

6.4MEDIUM

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
6 June 2025

What is CVE-2025-5703?

The StageShow plugin for WordPress is affected by a stored cross-site scripting vulnerability due to insufficient input sanitization and output escaping in the 'anchor' parameter. Authenticated attackers with Contributor-level access or higher can exploit this weakness to inject arbitrary scripts into pages, leading to the execution of these scripts whenever users visit affected pages. This flaw presents a significant risk as it can compromise user data and site integrity, making prompt mitigation essential.

Affected Version(s)

StageShow * <= 10.0.3

References

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Peter Thaleikis
.
CVE-2025-5703 : Stored Cross-Site Scripting Vulnerability in StageShow Plugin for WordPress