WordPress Plugin Vulnerabilities

WP Responsive Tabs horizontal vertical and accordion Tabs < 1.1.16 - Reflected Cross-Site Scripting

Description

The plugin does not properly sanitize and escape the 'search_term' parameter, leading to a Reflected Cross-Site Scripting vulnerability.

Affects Plugins

Plugin icon
responsive-horizontal-vertical-and-accordion-tabs
Fixed in 1.1.16

References

CVE
CVE-2023-2184
URL
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/responsive-horizontal-vertical-and-accordion-tabs/wp-responsive-tabs-horizontal-vertical-and-accordion-tabs-1115-reflected-cross-site-scripting

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Marco Wotschka
Verified
No
WPVDB ID
4a309fad-41fe-400d-b005-a4458bf84c3f

Timeline

Publicly Published
2023-04-19 (about 2 years ago)
Added
2023-06-09 (about 2 years ago)
Last Updated
2023-06-09 (about 2 years ago)

Other

Published
Title
Published
2024-11-17
Title
WordPress GDPR < 2.0.3 - Unauthenticated Stored Cross-Site Scripting
Published
2024-08-09
Title
LA-Studio Element Kit for Elementor < 1.3.9.3 - Contributor+ Stored XSS
Published
2015-02-22
Title
Image Metadata Cruncher - Multiple Cross-Site Scripting (XSS)
Published
2021-09-28
Title
WP Reactions Lite < 1.3.6 - Authenticated Stored Cross Site Scripting
Published
2025-05-02
Title
SurveyJS < 1.12.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter