How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

Tabs Responsive < 2.2.8 - Editor+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

Create/edit a Tab via the plugin, and put the following payload in a Tab description: "><img src onerror=alert(/XSS/)>

The XSS will be triggered in posts/pages where the Tab is embed via the [TABS_R id=XXXX] shortcode

Affects Plugins

tabs-responsive

Fixed in version 2.2.8

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Fayçal CHENA

Submitter

Fayçal CHENA

Submitter website

https://fafachena.com/

Submitter twitter

Verified

Yes

WPVDB ID

e124d1ab-3e02-4ca5-8218-ce635e8bf074

Timeline

Publicly Published

2022-05-02 (about 3 months ago)

Added

2022-05-02 (about 3 months ago)

Last Updated

2022-05-03 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin