5 matches found
CVE-2023-0071
The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0071 WP Tabs < 2.1.17 - Contributor+ Stored XSS
The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0071 WP Tabs < 2.1.17 - Contributor+ Stored XSS
The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0071
The CVE-2023-0071 vulnerability affects the WP Tabs WordPress plugin prior to version 2.1.17. The issue arises because the plugin does not validate and escape certain shortcode attributes before rendering them in pages/posts, enabling Stored XSS for users with the Contributor role or higher. This...
WordPress WP Tabs Plugin < 2.1.17 is vulnerable to Cross Site Scripting (XSS)
Software WP Tabs Type Plugin Vulnerable versions 2.1.17 Fixed in 2.1.17 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0071 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 477efeb39f0f Credits István Márton Required...