CVE-2025-11822

The WP Bootstrap Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bootstraptab' shortcode in all versions up to, and including, 1.0.4. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-11822 WP Bootstrap Tabs <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Bootstrap Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bootstraptab' shortcode in all versions up to, and including, 1.0.4. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-11822 WP Bootstrap Tabs <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Bootstrap Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bootstraptab' shortcode in all versions up to, and including, 1.0.4. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-11822

The CVE-2025-11822 vulnerability affects the WordPress plugin WP Bootstrap Tabs (versions ≤ 1.0.4). It is a Stored Cross-Site Scripting (XSS) via the bootstrap_tab shortcode caused by insufficient input sanitization and output escaping of user attributes. Impact: authenticated attackers with cont...

WordPress Squelch Tabs and Accordions Shortcodes plugin <= 0.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via tab Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via tab Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Squelch Tabs and Accordions Shortcodes versions = 0.4.8...