WordPress Plugin Vulnerabilities

Responsive Tabs < 4.0.6 - Authenticated (Contributor+) Content Injection

Description

The Responsive Tabs plugin for WordPress is vulnerable to Arbitrary Content Injection in versions prior to 4.0.6. This vulnerability makes it possible for authenticated attackers, with contributor-level permissions and above, to inject new content onto the website, possibly through the manipulation of posts to create new web pages, spam, or phishing.

Affects Plugins

Plugin icon
responsive-tabs
Fixed in 4.0.6

References

CVE
CVE-2023-45635
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/d9af12ac-68ef-4c65-aecb-82ce7b927340

Classification

Type
CONTENT INJECTION
OWASP top 10
A1: Injection
CWE
CWE-345
CVSS
4.3 (Medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
8cbb9fd4-c1cf-4ec4-89c6-a0bfff1029b6

Timeline

Publicly Published
2023-10-11 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2023-11-24 (about 2 years ago)

Other

Published
Title
Published
2025-01-03
Title
Poll Maker < 5.5.5 - Unauthenticated HTML Injection
Published
2024-06-03
Title
Claudio Sanches – Checkout Cielo for WooCommerce <= 1.1.0 - Insufficient Verification of Data Authenticity to Order Payment Status Update
Published
2023-11-07
Title
Foyer <= 1.7.5 - Content Injection via Improper Access Control
Published
2021-01-12
Title
WP Quick FrontEnd Editor <= 5.5 - Authenticated Content Injection
Published
2024-02-20
Title
Tutor LMS < 2.6.1 - Student+ HTML Injection via Q&A