CVE-2024-0719

Name of the Vulnerable Software and Affected Versions The Tabs Shortcode and Widget WordPress plugin versions 1.17 and earlier

Description The issue concerns the lack of validation and escaping of some shortcode attributes in the plugin, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This occurs when the shortcode is embedded in a page or post and the attributes are outputted back without proper sanitization.

Recommendations For versions 1.17 and earlier, update to a version that includes the necessary validation and escaping of shortcode attributes to prevent Stored Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.