CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0368 – Responsive Tabs For WPBakery Page Builder <= 1.1 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-0368
24 May 2023 — The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks The Responsive Tabs For WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and inc... • https://wpscan.com/vulnerability/b41e5c09-1034-48a7-ac0f-d4db6e7a3b3e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22688 – WordPress WP Tabs Slides Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-22688
19 Jan 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin <= 2.0.3 versions. The WP Tabs Slides plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.3. This is due to missing or incorrect nonce validation on the optionsAction function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Cr... • https://patchstack.com/database/vulnerability/wordpress-tabs-slides/wordpress-wp-tabs-slides-plugin-2-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40215 – WordPress Tabs plugin <= 3.7.1 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-40215
22 Sep 2022 — Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in Tabs plugin <= 3.7.1 at WordPress. Múltiples vulnerabilidades de tipo Cross-Site Scripting (XSS) Almacenado y Autenticado en el plugin Tabs versiones anteriores a 3.7.1 de WordPress. The Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit... • https://patchstack.com/database/vulnerability/vc-tabs/wordpress-tabs-plugin-3-7-1-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities/_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4373
https://notcve.org/view.php?id=CVE-2015-4373
15 Jun 2015 — Cross-site scripting (XSS) vulnerability in the OG tabs module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes posted in an Organic Groups group. Vulnerabilidad de XSS en el módulo OG tabs anterior a 7.x-1.1 para Drupal permite a usuarios remotos autenticados con ciertos permisos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores relacionados con nodos publicados en un grupo Orga... • http://www.openwall.com/lists/oss-security/2015/04/25/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2013-4406
https://notcve.org/view.php?id=CVE-2013-4406
19 May 2014 — The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.6 for Drupal does not properly check block permissions, which allows remote attackers to obtain sensitive information by reading a Quick Tab. El módulo Quick Tabs 6.x-2.x anterior a 6.x-2.2, 6.x-3.x anterior a 6.x-3.2 y 7.x-3.x anterior a 7.x-3.6 para Drupal no comprueba debidamente permisos de bloque, lo que permite a atacantes remotos obtener información sensible mediante la lectura de una Quick Tab. • http://www.openwall.com/lists/oss-security/2013/10/04/14 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-4531 – Game Tabs <= 0.4.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4531
25 Apr 2014 — Cross-site scripting (XSS) vulnerability in main_page.php in the Game tabs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the n parameter. Vulnerabilidad de XSS en main_page.php en el plugin Game tabs 0.4.0 y anteriores para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro n. • http://codevigilant.com/disclosure/wp-plugin-game-tabs-a3-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •