CVE-2026-13334
Last modified
CVE-2026-13334 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'stag' parameter in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.. EPSS estimates a 0.21% chance of exploitation in the next 30 days.
Description
The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'stag' parameter in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| kitae-park | Mang Board WP | <= 2.3.4 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-13334?
How severe is CVE-2026-13334?
How do I fix CVE-2026-13334?
Related CVEs from 2026
- CVE-2026-13322A flaw was found in KubeVirt's downward metrics virtio-seria…3.8
- CVE-2026-13323In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoi…8.7
- CVE-2026-13325A flaw was found in KubeVirt's migration proxy. When spec.co…8.5
- CVE-2026-1333A Use of Uninitialized Variable vulnerability affecting the …7.8
- CVE-2026-13331The Groundhogg — CRM, Newsletters, and Marketing Automation …6.5
- CVE-2026-13333The Groundhogg — CRM, Newsletters, and Marketing Automation …6.5
- CVE-2026-13335The CodePeople Post Map for Google Maps plugin for WordPress…6.4
- CVE-2026-1334An Out-Of-Bounds Read vulnerability affecting the EPRT file …7.8
- CVE-2026-13341A vulnerability exists in the Kong Konnect Model Context Pro…7.4
- CVE-2026-13347The Hide My WP Lite plugin for WordPress is vulnerable to Ar…7.5
- CVE-2026-1335An Out-Of-Bounds Write vulnerability affecting the EPRT file…7.8
- CVE-2026-13350Permissions where checked incorrectly during room creation, …2.3
Are you affected by CVE-2026-13334?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
