WordPress dTabs plugin <= 1.4 - Reflected Cross-Site Scripting (XSS) vulnerability

2022-03-0100:00:00

Ran Crane

patchstack.com

0.001 Low

EPSS

Percentile

40.2%

JSON

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ran Crane in WordPress dTabs plugin (versions <= 1.4).

Solution

Deactivate and delete. This plugin has been closed as of February 15, 2022 and is not available for download. This closure is temporary, pending a full review.

CPENameOperatorVersion
dtabsle1.4

CPE	Name	Operator	Version
	dtabs	le	1.4

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0621

wordpress.org/plugins/dtabs/

wpscan.com/vulnerability/b5578747-298d-4f4b-867e-46b767485a98

0.001 Low

EPSS

Percentile

40.2%

JSON

Related for PATCHSTACK:AEB92687B4E17866B492CDA9CCBB9BF5