Reflected Cross-Site Scripting in WP Responsive Tabs Plugin for WordPress
CVE-2023-2184

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: WP Responsive Tabs horizontal vertical and accordion Tabs
Vendor: CVE Published:; 9 June 2023

Summary

The WP Responsive Tabs plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the search_term parameter. This vulnerability arises from inadequate input sanitization and output escaping in versions up to and including 1.1.15. As a result, unauthenticated attackers can potentially inject malicious web scripts that execute in the context of the victim's browser, given that they can deceive the user into triggering the attack, such as clicking on a malicious link.

Affected Version(s)

WP Responsive Tabs horizontal vertical and accordion Tabs * <= 1.1.15

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 9, 2023
Vulnerability Reserved
Apr 19, 2023

Credit

Marco Wotschka