← Back

Shapedplugin

shapedplugin

16 CVEs • 7 products

Products (7)

Click to collapse
Toggle
Wp Tabs
wp_tabs
5 CVEs
Product Slider For Woocommerce
product_slider_for_woocommerce
3 CVEs
Smart Post Show
smart_post_show
3 CVEs
Logo Carousel
logo_carousel
2 CVEs
Real Testimonials
real_testimonials
1 CVE
Location Weather
location_weather
1 CVE
Wp Carousel
wp_carousel
1 CVE

CVEs (16)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-48134
1Shapedplugin
1Wp Tabs
Apr 23, 2026
May 16, 2025
N/A· v4
7.2 HIGH· v3
N/A· v2
Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs wp-expand-tabs-free allows Object Injection.This issue affects WP Tabs: from n/a through <= 2.2.12.
CVE-2024-8187
1Shapedplugin
1Smart Post Show
May 27, 2025
May 15, 2025
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The Smart Post Show WordPress plugin before 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfi...Show more
The Smart Post Show WordPress plugin before 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-3996
1Shapedplugin
1Smart Post Show
Nov 13, 2025
May 15, 2025
N/A· v4
3.5 LOW· v3
N/A· v2
The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unf...Show more
The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
CVE-2024-11503
1Shapedplugin
1Wp Tabs
Apr 29, 2025
Mar 25, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_h...Show more
The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-2949
1Shapedplugin
1Wp Carousel
Apr 8, 2026
Apr 6, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting...Show more
The Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel widget in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2023-52124
1Shapedplugin
1Wp Tabs
Apr 28, 2026
Jan 5, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs – Respons...Show more
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs – Responsive Tabs Plugin for WordPress: from n/a through 2.2.0.Show less
CVE-2023-0537
1Shapedplugin
1Product Slider For Woocommerce
Jan 29, 2025
May 8, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could al...Show more
The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksShow less
CVE-2023-25065
1Shapedplugin
1Wp Tabs
Nov 21, 2024
Feb 14, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions.
CVE-2023-0360
1Shapedplugin
1Location Weather
Mar 20, 2025
Feb 13, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor...Show more
The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.Show less
CVE-2023-0097
1Shapedplugin
1Smart Post Show
Apr 21, 2025
Jan 30, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could a...Show more
The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.Show less
CVE-2023-0071
1Shapedplugin
1Wp Tabs
Mar 27, 2025
Jan 30, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contribut...Show more
The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.Show less
CVE-2022-4629
1Shapedplugin
1Product Slider For Woocommerce
Apr 2, 2025
Jan 23, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Product Slider for WooCommerce WordPress plugin before 2.6.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contri...Show more
The Product Slider for WooCommerce WordPress plugin before 2.6.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.Show less
CVE-2022-4648
1Shapedplugin
1Real Testimonials
Apr 7, 2025
Jan 16, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perf...Show more
The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.Show less
CVE-2022-2382
1Shapedplugin
1Product Slider For Woocommerce
Nov 21, 2024
Aug 22, 2022
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in partic...Show more
The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delete arbitrary blog options.Show less
CVE-2021-24739
1Shapedplugin
1Logo Carousel
Nov 21, 2024
Dec 21, 2021
N/A· v4
8.1 HIGH· v3
5.5 MEDIUM· v2
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature
CVE-2021-24738
1Shapedplugin
1Logo Carousel
Nov 21, 2024
Dec 21, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks