CVE-2023-0368

Name of the Vulnerable Software and Affected Versions The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin version 1.1 and earlier

Description The issue concerns the failure to validate and escape certain shortcode attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This occurs when these attributes are outputted back in a page or post where the shortcode is embedded.

Recommendations For The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin version 1.1 and earlier, consider updating to a version that addresses this issue, as the current version does not properly validate and escape shortcode attributes, posing a risk of Stored Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.