CVE-2025-48134
- EPSS 0.16%
- Veröffentlicht 16.05.2025 15:45:13
- Zuletzt bearbeitet 30.05.2025 14:17:23
Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs allows Object Injection. This issue affects WP Tabs: from n/a through 2.2.11.
CVE-2024-11503
- EPSS 0.08%
- Veröffentlicht 25.03.2025 06:00:10
- Zuletzt bearbeitet 29.04.2025 18:11:43
The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (...
CVE-2023-52124
- EPSS 0.08%
- Veröffentlicht 05.01.2024 12:15:09
- Zuletzt bearbeitet 21.11.2024 08:39:13
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs – Responsive Tabs Plugin for WordPress:...
CVE-2023-25065
- EPSS 0.1%
- Veröffentlicht 14.02.2023 12:15:15
- Zuletzt bearbeitet 21.11.2024 07:49:02
Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions.
CVE-2023-0071
- EPSS 0.25%
- Veröffentlicht 30.01.2023 21:15:13
- Zuletzt bearbeitet 27.03.2025 20:15:19
The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform S...