CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37120 – WordPress Tabs plugin <= 4.0.6 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37120
20 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Tabs allows Stored XSS.This issue affects Tabs: from n/a through 4.0.6. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Biplob Adhikari Tabs permite XSS almacenado. Este problema afecta a Tabs: desde n/a hasta 4.0.6. The Tabs – Responsive Tabs with WooCommerce Product Tab Extension plugin for WordPress is... • https://patchstack.com/database/vulnerability/vc-tabs/wordpress-tabs-plugin-4-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36375 – WordPress Tabs plugin <= 3.6.0 - Authenticated WordPress Options Change vulnerability
https://notcve.org/view.php?id=CVE-2022-36375
25 Jul 2022 — Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress. Una Vulnerabilidad de cambio de opciones de WordPress Autenticado (usuario de alto rol) en el plugin Tabs de Biplob Adhikari versiones anteriores a 3.6.0 incluyéndola, en WordPress The Tabs – Responsive Tabs with WooCommerce Product Tab Extension plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.6.8. This is due to a lack of validatio... • https://patchstack.com/database/vulnerability/vc-tabs/wordpress-tabs-plugin-3-6-0-authenticated-wordpress-options-change-vulnerability • CWE-264: Permissions, Privileges, and Access Controls CWE-639: Authorization Bypass Through User-Controlled Key •