CVE-2023-40557 – WordPress Tabs & Accordion plugin <= 1.3.10 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-40557
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in PickPlugins Tabs & Accordion allows Code Injection.This issue affects Tabs & Accordion: from n/a through 1.3.10. La neutralización inadecuada de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en PickPlugins Tabs & Accordion permite la inyección de código. Este problema afecta a Tabs & Accordion: desde n/a hasta 1.3.10. The Tabs & Accordion plugin for WordPress is vulnerable to Arbitrary Content Injection in versions up to, and including, 1.3.10. The cause of this vulnerability is undisclosed at this time. • https://patchstack.com/database/vulnerability/tabs/wordpress-tabs-accordion-plugin-1-3-8-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2022-40215 – WordPress Tabs plugin <= 3.7.1 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-40215
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in Tabs plugin <= 3.7.1 at WordPress. Múltiples vulnerabilidades de tipo Cross-Site Scripting (XSS) Almacenado y Autenticado en el plugin Tabs versiones anteriores a 3.7.1 de WordPress. The Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with high-level permissions, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/vc-tabs/wordpress-tabs-plugin-3-7-1-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities/_s_id=cve https://wordpress.org/plugins/vc-tabs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •