CVE-2023-52124

CVE-2023-52124 is an authenticated stored XSS against the WP Tabs – Responsive Tabs plugin for WordPress (vulnerable: up to 2.2.0). The issue arises from improper input neutralization during web page generation, enabling an attacker with a valid user account (likely a Contributor+ role) to inject...

CVE-2024-11503

WP Tabs for WordPress is affected by CVE-2024-11503: versions before 2.2.7 do not sanitise/escape certain settings, allowing stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). The issue is documented across NVD, Red Hat, CVE records, and r...

CVE-2023-0071

The CVE-2023-0071 vulnerability affects the WP Tabs WordPress plugin prior to version 2.1.17. The issue arises because the plugin does not validate and escape certain shortcode attributes before rendering them in pages/posts, enabling Stored XSS for users with the Contributor role or higher. This...

CVE-2023-25065

CVE-2023-25065 reports a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin “WP Tabs – Responsive Tabs” (ShapedPlugin)

CVE-2025-48134

CVE-2025-48134 : Deserialization of untrusted data in the WordPress plugin WP Tabs (ShapedPlugin LLC) allows PHP Object Injection . Affected: WP Tabs <= 2.2.11 (WordPress plugin offering responsive tabs and custom product tabs). The vulnerability origin is a deserialization flaw leading to obj...