CVE-2023-40557
WordPress Tabs & Accordion plugin <= 1.3.10 - Content Injection vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in PickPlugins Tabs & Accordion allows Code Injection.This issue affects Tabs & Accordion: from n/a through 1.3.10.
La neutralización inadecuada de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en PickPlugins Tabs & Accordion permite la inyección de código. Este problema afecta a Tabs & Accordion: desde n/a hasta 1.3.10.
The Tabs & Accordion plugin for WordPress is vulnerable to Arbitrary Content Injection in versions up to, and including, 1.3.10. The cause of this vulnerability is undisclosed at this time. However, this vulnerability makes it possible for unauthenticated attackers to inject new content onto the website, possibly through the manipulation of posts to create new web pages, spam, or phishing.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-08-16 CVE Reserved
- 2023-08-17 CVE Published
- 2024-06-04 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
- CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CAPEC
- CAPEC-242: Code Injection
References (1)
URL | Tag | Source |
---|---|---|
https://patchstack.com/database/vulnerability/tabs/wordpress-tabs-accordion-plugin-1-3-8-content-injection-vulnerability?_s_id=cve | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Tabs Search vendor "Tabs" | Tabs Search vendor "Tabs" for product "Tabs" | >= 0.0.0 <= 1.3.10 Search vendor "Tabs" for product "Tabs" and version " >= 0.0.0 <= 1.3.10" | en |
Affected
|