Xplo1T

**Name of the Vulnerable Software and Affected Versions** StagTools WordPress plugin versions prior to 2.3.7 **Description** The issue concerns the StagTools WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them in a page or post. This could allow users with the contributor role or higher to perform Stored Cross-Site Scripting attacks. **Recommendations** For versions prior to 2.3.7, update to version 2.3.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of shortcodes by users with the contributor role and above until the update is applied.