CVE-2024-13387

Summary

CVE-2024-13387 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the WP Responsive Tabs plugin for WordPress. The issue lies in the plugin's 'wprtabs' shortcode, where insufficient input sanitization and output escaping on user-supplied attributes allow authenticated attackers with contributor-level access or higher to inject malicious web scripts. These scripts will execute whenever a user accesses a page with the injected content. This vulnerability poses a significant risk, as it can lead to unintended functionality, information disclosure, or even unauthorized actions on the compromised WordPress site. Users are urged to update the plugin to the latest version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.