CVE-2025-14999

The Latest Tabs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings update handler in admin-page.php. This makes it possible for unauthenticated attackers to modify plugin...

CVE-2025-14999 Latest Tabs <= 1.5 - Cross-Site Request Forgery to Plugin's Settings Update

The Latest Tabs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings update handler in admin-page.php. This makes it possible for unauthenticated attackers to modify plugin...

PT-2026-1597

Name of the Vulnerable Software and Affected Versions The Latest Tabs plugin for WordPress versions up to and including 1.5 Description The Latest Tabs plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF. This is a result of inadequate or absent nonce validation within the...

WordPress Latest Tabs plugin <= 1.5 - Cross-Site Request Forgery to Plugin's Settings Update vulnerability

Cross-Site Request Forgery to Plugin's Settings Update vulnerability discovered by omer yeshayahu in WordPress Plugin Latest Tabs versions = 1.5...

CVE-2025-13088

The Category and Product Woocommerce Tabs plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0. This is due to insufficient input validation on the 'template' parameter in the categoryProductTab function. This makes it possible for authenticated...

CVE-2025-13088

The Category and Product Woocommerce Tabs plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0. This is due to insufficient input validation on the 'template' parameter in the categoryProductTab function. This makes it possible for authenticated...

EUVD-2022-39089

Malicious code in bioql PyPI...

EUVD-2022-43513

Malicious code in bioql PyPI...

CVE-2025-8560 FancyTabs <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter

The FancyTabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2023-52124

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs – Responsive Tabs Plugin for WordPress: from n/a through 2.2.0...

CVE-2023-0071

The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-24409

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs plugin = 1.1.15 versions...

WordPress plugin WP Tabs 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

WordPress Tabs plugin <= 4.0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by johska in WordPress Plugin Tabs versions = 4.0.3...

CVE-2025-46522 WordPress Tabs plugin <= 4.0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Billy Bryant Tabs allows Stored XSS. This issue affects Tabs: from n/a through 4.0.3...

WordPress plugin Tabs 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site reque...

CVE-2024-11503

The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress WP Tabs plugin < 2.2.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin WP Tabs versions 2.2.7...

CVE-2024-11503

The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-11503

The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...