CVE-2024-1846

Name of the Vulnerable Software and Affected Versions Responsive Tabs WordPress plugin versions prior to 4.0.7

Description The issue concerns a Stored Cross-Site Scripting flaw. It arises from the plugin's failure to validate and escape certain shortcode attributes before outputting them in a page or post where the shortcode is embedded. This could allow users with the contributor role and above to perform attacks. Attackers can exploit this flaw to create admin accounts via crafted posts, posing severe risks to website security.

Recommendations For versions prior to 4.0.7, update to version 4.0.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable shortcode attributes until a patch is applied. Avoid using the vulnerable shortcode in posts or pages until the issue is resolved.