StagTools Security & Risk Analysis

wordpress.org/plugins/stagtools

StagTools is a powerful plugin to extend functionality to your WordPress themes offering shortcodes, FontAwesome icons and useful widgets.

1K active installs · v2.3.8 · PHP 7.3+ · WP 5.0+ · Updated Aug 4, 2023
Tags: icons, retina, shortcodes, themeforest, widget
Score: 60 (C · Use Caution)
CVEs total: 3
Unpatched: 1
Last CVE: Sep 5, 2025
Safety Verdict

Is StagTools Safe to Use in 2026?

Use With Caution

Score 60/100

StagTools has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

3 known CVEs · 1 unpatched · Last CVE: Sep 5, 2025 · Updated 2yr ago
Risk Assessment

The 'stagtools' v2.3.8 plugin exhibits a mixed security posture. While it demonstrates good practices in areas like using prepared statements for all SQL queries and a relatively high percentage of output escaping, significant concerns remain. The presence of an unprotected AJAX handler represents a direct entry point for potential exploitation without proper authentication. This, combined with a history of known vulnerabilities, specifically medium-severity Cross-Site Scripting (XSS) issues, suggests a pattern of security weaknesses that have not been fully addressed. The fact that one CVE remains unpatched is a critical red flag, increasing the immediate risk to sites utilizing this plugin.

Key Concerns

  • Unprotected AJAX handler
  • Currently unpatched CVE (medium severity)
  • Vulnerability history of XSS
  • No nonce checks on entry points
  • Percentage of unescaped output
Vulnerabilities: 3

StagTools Security Vulnerabilities

CVEs by Year

  • 2023: 2 CVEs
  • 2025: 1 CVE · unpatched

Severity Breakdown

Medium: 3 (3 total CVEs)

CVE-2025-58814 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Stagtools <= 2.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Sep 5, 2025 · Unpatched

CVE-2023-41868 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Stagtools <= 2.3.7 - Reflected Cross-Site Scripting
Sep 5, 2023 · Patched in 2.3.8 (140d)

CVE-2023-0891 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Stagtools <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Apr 5, 2023 · Patched in 2.3.7 (293d)

Code Analysis
Analyzed Mar 16, 2026

StagTools Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 52 (158 escaped)
Nonce Checks: 0
Capability Checks: 8
File Operations: 0
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

TinyMCE

Output Escaping

75% escaped · 210 total outputs

Attack Surface: 1 unprotected

StagTools Attack Surface

Entry Points: 37
Unprotected: 1

AJAX Handlers 1

auth wp_ajax_popup shortcodes\stag-shortcodes.php:11

Shortcodes 36

[stag_one_third] shortcodes\shortcodes.php:17
[stag_one_third_last] shortcodes\shortcodes.php:24
[stag_two_third] shortcodes\shortcodes.php:31
[stag_two_third_last] shortcodes\shortcodes.php:38
[stag_one_half] shortcodes\shortcodes.php:45
[stag_one_half_last] shortcodes\shortcodes.php:52
[stag_one_fourth] shortcodes\shortcodes.php:59
[stag_one_fourth_last] shortcodes\shortcodes.php:66
[stag_three_fourth] shortcodes\shortcodes.php:73
[stag_three_fourth_last] shortcodes\shortcodes.php:80
[stag_one_fifth] shortcodes\shortcodes.php:87
[stag_one_fifth_last] shortcodes\shortcodes.php:93
[stag_two_fifth] shortcodes\shortcodes.php:101
[stag_two_fifth_last] shortcodes\shortcodes.php:108
[stag_three_fifth] shortcodes\shortcodes.php:115
[stag_three_fifth_last] shortcodes\shortcodes.php:122
[stag_four_fifth] shortcodes\shortcodes.php:129
[stag_four_fifth_last] shortcodes\shortcodes.php:136
[stag_one_sixth] shortcodes\shortcodes.php:143
[stag_one_sixth_last] shortcodes\shortcodes.php:150
[stag_five_sixth] shortcodes\shortcodes.php:157
[stag_five_sixth_last] shortcodes\shortcodes.php:164
[stag_button] shortcodes\shortcodes.php:211
[stag_alert] shortcodes\shortcodes.php:233
[stag_divider] shortcodes\shortcodes.php:258
[stag_intro] shortcodes\shortcodes.php:270
[stag_tabs] shortcodes\shortcodes.php:317
[stag_tab] shortcodes\shortcodes.php:334
[stag_toggle] shortcodes\shortcodes.php:355
[stag_dropcap] shortcodes\shortcodes.php:372
[stag_image] shortcodes\shortcodes.php:401
[stag_video] shortcodes\shortcodes.php:417
[stag_icon] shortcodes\shortcodes.php:461
[stag_map] shortcodes\shortcodes.php:572
[stag_social] shortcodes\shortcodes.php:630
[stag_columns] shortcodes\shortcodes.php:649

WordPress Hooks 40

filter manage_edit-portfolio_columns includes\post-type\portfolio.php:83
action manage_posts_custom_column includes\post-type\portfolio.php:108
filter manage_edit-stag-portfolio_columns includes\post-type\project.php:98
action manage_stag-portfolio_posts_custom_column includes\post-type\project.php:129
action admin_head includes\post-type\project.php:147
filter manage_edit-slide_columns includes\post-type\slides.php:44
filter manage_edit-team_columns includes\post-type\team.php:55
action manage_posts_custom_column includes\post-type\team.php:56
filter manage_edit-testimonials_columns includes\post-type\testimonials.php:45
action admin_init includes\settings\settings.php:214
action admin_init includes\tinymce.php:46
filter tiny_mce_before_init includes\tinymce.php:49
filter wp_mce_translation includes\tinymce.php:52
filter mce_external_plugins includes\tinymce.php:68
filter mce_buttons includes\tinymce.php:69
filter tiny_mce_before_init includes\tinymce.php:72
filter mce_buttons_2 includes\tinymce.php:73
action admin_init includes\tinymce.php:254
action save_post includes\widgets\stagtools-widget.php:27
action deleted_post includes\widgets\stagtools-widget.php:28
action switch_theme includes\widgets\stagtools-widget.php:29
action widgets_init includes\widgets\widget-dribbble.php:147
filter wp_feed_cache_transient_lifetime includes\widgets\widget-flickr.php:58
action widgets_init includes\widgets\widget-flickr.php:109
action widgets_init includes\widgets\widget-instagram.php:71
action widgets_init includes\widgets\widget-twitter.php:290
action init shortcodes\stag-shortcodes.php:8
action admin_enqueue_scripts shortcodes\stag-shortcodes.php:9
filter mce_external_languages shortcodes\stag-shortcodes.php:10
action admin_enqueue_scripts shortcodes\stag-shortcodes.php:12
filter mce_external_plugins shortcodes\stag-shortcodes.php:57
filter mce_buttons shortcodes\stag-shortcodes.php:58
action init stagtools.php:106
action admin_menu stagtools.php:107
action admin_head stagtools.php:108
action after_setup_theme stagtools.php:110
action wp_enqueue_scripts stagtools.php:149
filter body_class stagtools.php:150
action current_screen stagtools.php:152
filter script_loader_tag stagtools.php:154

Maintenance & Trust

StagTools Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: Aug 4, 2023
PHP min version: 7.3
Downloads: 121K

Community Trust

Rating: 100/100
Number of ratings: 5
Active installs: 1K

Developer Profile

StagTools Developer Profile

Ram Ratan Maurya

3 plugins · 3K total installs

Trust score: 63
Avg Security Score: 77/100
Avg Patch Time: 217 days
Detection Fingerprints

How We Detect StagTools

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/stagtools/assets/css/fontawesome-all.css
/wp-content/plugins/stagtools/assets/css/fontawesome-all.min.css
/wp-content/plugins/stagtools/assets/css/stag-shortcodes.css
/wp-content/plugins/stagtools/assets/js/fontawesome-all.min.js
/wp-content/plugins/stagtools/assets/js/fa-v4-shims.min.js
/wp-content/plugins/stagtools/assets/js/stag-shortcode-scripts.js

Script Paths
/wp-content/plugins/stagtools/assets/js/fontawesome-all.min.js
/wp-content/plugins/stagtools/assets/js/fa-v4-shims.min.js
/wp-content/plugins/stagtools/assets/js/stag-shortcode-scripts.js

Version Parameters
stagtools/assets/css/fontawesome-all.css?ver=
stagtools/assets/css/stag-shortcodes.css?ver=
stagtools/assets/js/fontawesome-all.min.js?ver=
stagtools/assets/js/fa-v4-shims.min.js?ver=
stagtools/assets/js/stag-shortcode-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
stag-cta-button, stag-progress-bar-wrapper, stag-tabs, stag-tab, stag-tab-title, stag-tab-content, stag-accordion, stag-accordion-item, +13 more

HTML Comments
<!-- StagTools Shortcode Wrapper Start -->
<!-- StagTools Shortcode Wrapper End -->
<!-- StagTools CTA Button Start -->
<!-- StagTools CTA Button End -->
+20 more

Data Attributes
data-stag-tabs, data-stag-accordion, data-stag-toggle, data-stag-testimonial-carousel

JS Globals
stagShortcode

Shortcode Output
<div class="stag-cta-button">
<div class="stag-progress-bar-wrapper">
<div class="stag-tabs">
<div class="stag-accordion">