vulnrichment | WPScan | VULNRICHMENT:CVE-2024-0719
History: Mar 18, 2024 - 7:05 p.m.

CVE-2024-0719 Tabs Shortcode and Widget <= 1.17 - Contributor+ Stored Cross-Site Scripting

2024-03-18 19:05:43
WPScan
github.com
3
cve-2024-0719
wordpress
plugin
stored cross-site scripting
contributor
shortcode.

AI Score: 5.8

Confidence: High

SSVC

Exploitation: poc

Automatable: no

Technical Impact: partial

The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:otwthemes:tabs_shortcode_and_widget:*:*:*:*:*:*:*:*"
    ],
    "vendor": "otwthemes",
    "product": "tabs_shortcode_and_widget",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "1.17"
      }
    ],
    "defaultStatus": "unknown"
  }
]
