GCVE - cpe:2.3:a:shapedplugin:wp_tabs:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:shapedplugin:wp_tabs:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Shapedplugin (`4955181f-38ba-5777-88a9-efdbf607b7da`)
Product	Wp Tabs (`a0e25953-8b7a-5267-af71-c91104e85cb9`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-48134`	vulnerable	2026-06-03 15:01:34.183147	WordPress WP Tabs plugin <= 2.2.12 - PHP Object Injection Vulnerability HIGH (7.2) Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs wp-expand-tabs-free allows Object Injection.This issue affects WP Tabs: from n/a through <= 2.2.12. Published: 2025-05-16T15:45:13.676Z Updated: 2026-05-12T00:16:37.798Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/wp-expand-tabs-free/vulnerability/wordpress-wp-tabs-2-2-11-php-object-injection-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-11503`	vulnerable	2026-06-03 14:54:14.318423	WP Tabs < 2.2.7 - Admin+ Stored XSS The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Published: 2025-03-25T06:00:10.786Z Updated: 2025-03-25T13:57:34.727Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/25592b6c-b9ab-4d9e-b314-091594ce9189/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-52124`	vulnerable	2026-06-03 14:53:38.727446	WordPress WP Tabs Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS) MEDIUM (6.5) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs – Responsive Tabs Plugin for WordPress: from n/a through 2.2.0. Published: 2024-01-05T11:17:08.785Z Updated: 2026-04-28T16:09:05.034Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/wp-expand-tabs-free/wordpress-wp-tabs-responsive-tabs-plugin-for-wordpress-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-25065`	vulnerable	2026-06-03 14:49:32.201393	WordPress WP Tabs Plugin <= 2.1.14 is vulnerable to Cross Site Request Forgery (CSRF) MEDIUM (5.4) Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions. Published: 2023-02-14T11:06:23.993Z Updated: 2026-04-28T16:08:07.823Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/wp-expand-tabs-free/wordpress-wp-tabs-responsive-tabs-plugin-for-wordpress-plugin-2-1-14-cross-site-request-forgery-csrf?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-0071`	vulnerable	2026-06-03 14:48:45.567511	WP Tabs < 2.1.17 - Contributor+ Stored XSS The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: 2023-01-30T20:31:33.172Z Updated: 2025-03-27T20:06:57.897Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/3834a162-2cdc-41e9-9c9d-2b576eed4db9	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.