CVE-2025-48134
- EPSS 0.4%
- Veröffentlicht 16.05.2025 15:45:13
- Zuletzt bearbeitet 01.04.2026 17:24:25
Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs wp-expand-tabs-free allows Object Injection.This issue affects WP Tabs: from n/a through <= 2.2.12.
CVE-2024-11503
- EPSS 0.08%
- Veröffentlicht 25.03.2025 06:00:10
- Zuletzt bearbeitet 29.04.2025 18:11:43
The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (...
CVE-2023-52124
- EPSS 0.08%
- Veröffentlicht 05.01.2024 12:15:09
- Zuletzt bearbeitet 21.11.2024 08:39:13
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs – Responsive Tabs Plugin for WordPress:...
CVE-2023-25065
- EPSS 0.1%
- Veröffentlicht 14.02.2023 12:15:15
- Zuletzt bearbeitet 21.11.2024 07:49:02
Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions.
CVE-2023-0071
- EPSS 0.25%
- Veröffentlicht 30.01.2023 21:15:13
- Zuletzt bearbeitet 27.03.2025 20:15:19
The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform S...