CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4096 – Responsive Tabs <= 4.0.8 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-4096
09 Jul 2024 — The Responsive Tabs WordPress plugin through 4.0.8 does not sanitise and escape some of its Tab settings, which could allow high privilege users such as Contributors and above to perform Stored Cross-Site Scripting attacks The Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Tab' titles in all versions up to, and including, 4.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access... • https://wpscan.com/vulnerability/4dba5e9e-24be-458a-9150-7c7a958e66cb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37120 – WordPress Tabs plugin <= 4.0.6 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37120
20 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Tabs allows Stored XSS.This issue affects Tabs: from n/a through 4.0.6. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Biplob Adhikari Tabs permite XSS almacenado. Este problema afecta a Tabs: desde n/a hasta 4.0.6. The Tabs – Responsive Tabs with WooCommerce Product Tab Extension plugin for WordPress is... • https://patchstack.com/database/vulnerability/vc-tabs/wordpress-tabs-plugin-4-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1846 – Responsive Tabs < 4.0.7 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-1846
25 Mar 2024 — The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks El complemento Responsive Tabs para WordPress anterior a 4.0.7 no valida ni escapa algunos de sus atributos de código corto antes de devolverlos a una página/publicación donde está incrustado el código corto, lo que podr... • https://wpscan.com/vulnerability/ea2a8420-4b0e-4efb-a0c6-ceea996dae5a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45635 – WordPress Responsive Tabs plugin < 4.0.6 - HTML Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-45635
11 Oct 2023 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP Darko Responsive Tabs allows Code Injection.This issue affects Responsive Tabs: from n/a before 4.0.6. La neutralización inadecuada de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en WP Darko Responsive Tabs permite la inyección de código. Este problema afecta a las pestañas responsivas: desde n/a antes de 4.0.6. The Responsive Tabs plugin for WordPress is vulnerable ... • https://patchstack.com/database/vulnerability/responsive-tabs/wordpress-responsive-tabs-plugin-4-0-6-html-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36375 – WordPress Tabs plugin <= 3.6.0 - Authenticated WordPress Options Change vulnerability
https://notcve.org/view.php?id=CVE-2022-36375
25 Jul 2022 — Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress. Una Vulnerabilidad de cambio de opciones de WordPress Autenticado (usuario de alto rol) en el plugin Tabs de Biplob Adhikari versiones anteriores a 3.6.0 incluyéndola, en WordPress The Tabs – Responsive Tabs with WooCommerce Product Tab Extension plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.6.8. This is due to a lack of validatio... • https://patchstack.com/database/vulnerability/vc-tabs/wordpress-tabs-plugin-3-6-0-authenticated-wordpress-options-change-vulnerability • CWE-264: Permissions, Privileges, and Access Controls CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36893 – WordPress Responsive Tabs plugin <= 4.0.5 - Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2021-36893
11 Apr 2022 — Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.5 Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado Autenticado (autor o rol de usuario superior) en Responsive Tabs (plugin de WordPress) versiones anteriores a 4.0.5 incluyéndola • https://patchstack.com/database/vulnerability/responsive-tabs/wordpress-responsive-tabs-plugin-4-0-5-cross-site-scripting-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •