CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.9AI score0.00252EPSS

Exploits2References1

RedhatCVE•added 2025/05/18 4:2 p.m.•7 views

CVE-2025-48134

Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs wp-expand-tabs-free allows Object Injection.This issue affects WP Tabs: from n/a through = 2.2.12...

7.2CVSS7.2AI score0.00398EPSS

Exploits0References1

CVE•added 2025/05/16 3:45 p.m.•21 views

CVE-2025-48134

CVE-2025-48134 : Deserialization of untrusted data in the WordPress plugin WP Tabs (ShapedPlugin LLC) allows PHP Object Injection . Affected: WP Tabs <= 2.2.11 (WordPress plugin offering responsive tabs and custom product tabs). The vulnerability origin is a deserialization flaw leading to obj...

7.2CVSS7.2AI score0.00398EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/05/16 3:45 p.m.•5 views

CVE-2025-48134 WordPress WP Tabs plugin <= 2.2.12 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs wp-expand-tabs-free allows Object Injection.This issue affects WP Tabs: from n/a through = 2.2.12...

7.2CVSS7.2AI score0.00398EPSS

Exploits0References1

Cvelist•added 2025/05/16 3:45 p.m.•11 views

CVE-2025-48134 WordPress WP Tabs plugin <= 2.2.12 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs wp-expand-tabs-free allows Object Injection.This issue affects WP Tabs: from n/a through = 2.2.12...

7.2CVSS0.00398EPSS

Exploits0References1

Positive Technologies•added 2025/05/16 12:0 a.m.•2 views

PT-2025-21731 · Shapedplugin Llc · Wp Tabs

Name of the Vulnerable Software and Affected Versions: ShapedPlugin LLC WP Tabs versions 2.2.11 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. Recommendations: For versions 2.2.11 and earlier, update to a version that contains a...

7.2CVSS7.3AI score0.00398EPSS

Exploits0References7

RedhatCVE•added 2025/03/27 6:13 a.m.•15 views

CVE-2024-11503

The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS5.7AI score0.00195EPSS

Exploits1References1

NVD•added 2025/03/25 6:15 a.m.•9 views

CVE-2024-11503

6.1CVSS0.00195EPSS

Exploits1References1

Vulnrichment•added 2025/03/25 6:0 a.m.•13 views

CVE-2024-11503 WP Tabs < 2.2.7 - Admin+ Stored XSS

5.8AI score0.00195EPSS

Exploits1References1

CVE•added 2025/03/25 6:0 a.m.•57 views

CVE-2024-11503

WP Tabs for WordPress is affected by CVE-2024-11503: versions before 2.2.7 do not sanitise/escape certain settings, allowing stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). The issue is documented across NVD, Red Hat, CVE records, and r...

6.1CVSS5.8AI score0.00195EPSS

Exploits1References1Affected Software1

Cvelist•added 2025/03/25 6:0 a.m.•16 views

CVE-2024-11503 WP Tabs < 2.2.7 - Admin+ Stored XSS

0.00195EPSS

Exploits1References1

Vulnrichment•added 2024/01/05 11:17 a.m.•1 views

CVE-2023-52124 WordPress WP Tabs Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs – Responsive Tabs Plugin for WordPress: from n/a through 2.2.0...

6.5CVSS6.7AI score0.00077EPSS

Exploits0References1

WPVulnDB•added 2024/01/05 12:0 a.m.•11 views

WP Tabs < 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WP Tabs – Responsive Tabs Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

6.5CVSS5.7AI score0.00077EPSS

Exploits0References1Affected Software1

Patchstack•added 2023/12/28 12:0 a.m.•8 views

WordPress WP Tabs Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software WP Tabs Type Plugin Vulnerable versions = 2.2.0 Fixed in 2.2.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-52124 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a52c5f0b85cc Credits Ray Wilson Required privilege Contributor...

6.5CVSS6.6AI score0.00077EPSS

Exploits0References2Affected Software1

NVD•added 2023/05/22 9:15 a.m.•8 views

CVE-2023-22688

Cross-Site Request Forgery CSRF vulnerability in Abdul Ibad WP Tabs Slides plugin = 2.0.3 versions...

8.8CVSS5.8AI score0.0015EPSS

Exploits0References1