Vulnerabilities and security researches forwp-expand-tabs-free wp-expand-tabs-free

May 18, 2025

CVE, Research URL: CVE-2025-48134
Home page URL: Security reports for WP Tabs – Responsive Tabs Plugin for WordPress
Application: WP Tabs – Responsive Tabs Plugin for WordPress
Date: May 16, 2025
Research Description: Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs allows Object Injection. This issue affects WP Tabs: from n/a through 2.2.11.
Affected versions: Min -, max -.
Status: vulnerable

Mar 27, 2025

CVE, Research URL: CVE-2024-11503
Home page URL: Security reports for WP Tabs – Responsive Tabs Plugin for WordPress
Application: WP Tabs – Responsive Tabs Plugin for WordPress
Date: Mar 25, 2025
Research Description: The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2023-52124
Home page URL: Security reports for WP Tabs – Responsive Tabs Plugin for WordPress
Application: WP Tabs – Responsive Tabs Plugin for WordPress
Date: Jan 05, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs – Responsive Tabs Plugin for WordPress: from n/a through 2.2.0.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-25065
Home page URL: Security reports for WP Tabs – Responsive Tabs Plugin for WordPress
Application: WP Tabs – Responsive Tabs Plugin for WordPress
Date: Feb 14, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-0071
Home page URL: Security reports for WP Tabs – Responsive Tabs Plugin for WordPress
Application: WP Tabs – Responsive Tabs Plugin for WordPress
Date: Jan 31, 2023
Research Description: The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions: Min -, max -.
Status: vulnerable