cve/2024/CVE-2024-1846.md

CVE-2024-1846

Description

The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

POC

Reference

• https://wpscan.com/vulnerability/ea2a8420-4b0e-4efb-a0c6-ceea996dae5a/
• https://wpscan.com/vulnerability/ea2a8420-4b0e-4efb-a0c6-ceea996dae5a/

Github

• https://github.com/fkie-cad/nvd-json-data-feeds