CVE-2025-48134
- EPSS 0.39%
- Veröffentlicht 16.05.2025 15:45:13
- Zuletzt bearbeitet 23.04.2026 15:30:51
Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs wp-expand-tabs-free allows Object Injection.This issue affects WP Tabs: from n/a through <= 2.2.12.
CVE-2024-11503
- EPSS 0.24%
- Veröffentlicht 25.03.2025 06:00:10
- Zuletzt bearbeitet 29.04.2025 18:11:43
The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (...
CVE-2023-52124
- EPSS 0.3%
- Veröffentlicht 05.01.2024 12:15:09
- Zuletzt bearbeitet 28.04.2026 19:22:57
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs – Responsive Tabs Plugin for WordPress:...
CVE-2023-25065
- EPSS 0.26%
- Veröffentlicht 14.02.2023 12:15:15
- Zuletzt bearbeitet 21.11.2024 07:49:02
Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions.
CVE-2023-0071
- EPSS 0.53%
- Veröffentlicht 30.01.2023 21:15:13
- Zuletzt bearbeitet 27.03.2025 20:15:19
The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform S...