CVE-2023-0368: Responsive Tabs For WPBakery Page Builder <= 1.1 - Contributor+ Stored XSS

0.0 CVSS

Description

The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Classification

CVE ID: CVE-2023-0368

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: Unknown

Product: Responsive Tabs For WPBakery Page Builder (formerly Visual Composer)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 26.37% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://wpscan.com/vulnerability/b41e5c09-1034-48a7-ac0f-d4db6e7a3b3e

Timeline

2024-12-13 00:30:20 UTC
CVE

Responsive Tabs For WPBakery Page Builder <= 1.1 - Contributor+ Stored XSS