2 matches found
CVE-2022-36375
CVE-2022-36375 concerns the WordPress Tabs plugin (versions ≤ 3.6.0). The vulnerability allows an authenticated, high-privilege user to change plugin options, as described across multiple sources. The root cause appears to be an insecure options-change flow that can be exploited by someone with e...
CVE-2024-37120
CVE-2024-37120 is a stored XSS in the WordPress Tabs plugin by Biplob Adhikari, affecting Tabs versions n/a through 4.0.6. The root cause is improper input neutralization during web page generation (Input handling) leading to stored cross-site scripting. Impact per sources: Cross‑Site Scripting w...