[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRTgvg5ugppwKdkjVxFFe-GxQNP-kyoGfRt6wK-OMARQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":21,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":41,"crawl_stats":30,"alternatives":47,"analysis":48,"fingerprints":99},"my-wp-tabs","WP Tabs","1.0","Sohelwpexpert","https:\u002F\u002Fprofiles.wordpress.org\u002Fsohelwpexpert\u002F","\u003Ch3>WP Tabs by http:\u002F\u002Fsohel.prowpexpert.com\u002F\u003C\u002Fh3>\n\u003Cp>This plugin will add an expand collapse Tabs feature inside a post or page.\u003C\u002Fp>\n\u003Cp>Plugin Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Shortcode System\u003C\u002Fli>\n\u003Cli>TinyMCE Button added for generating Shortcode.\u003C\u002Fli>\n\u003Cli>Easy documentation\u003Cbr \u002F>\n& many More.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Live Preview: http:\u002F\u002Fsohel.prowpexpert.com\u002Fmy-tabs\u002F\u003C\u002Fp>\n","This plugin will add an expand collapse Tabs feature inside a post or page.",10,1135,0,"","4.0.38","3.0.1",[],"http:\u002F\u002Fsohel.prowpexpert.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmy-wp-tabs.zip",99,1,"2025-03-03 00:00:00","2026-03-15T14:44:11.924Z",[25],{"id":26,"url_slug":27,"title":28,"description":29,"plugin_slug":4,"theme_slug":30,"affected_versions":31,"patched_in_version":32,"severity":33,"cvss_score":34,"cvss_vector":35,"vuln_type":36,"published_date":22,"updated_date":37,"references":38,"days_to_patch":40},"CVE-2024-11503","wp-tabs-authenticated-admin-stored-cross-site-scripting","WP Tabs \u003C= 2.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting","The WP Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=2.2.6","2.2.7","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-04-21 15:49:37",[39],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F54b65d91-be44-4596-be23-5a9e1d4d66dd?source=api-prod",50,{"slug":42,"display_name":7,"profile_url":8,"plugin_count":11,"total_installs":43,"avg_security_score":44,"avg_patch_time_days":40,"trust_score":45,"computed_at":46},"sohelwpexpert",190,86,78,"2026-04-04T13:10:29.377Z",[],{"attackSurface":49,"codeSignals":79,"taintFlows":86,"riskAssessment":87,"analyzedAt":98},{"hooks":50,"ajaxHandlers":66,"restRoutes":67,"shortcodes":68,"cronEvents":77,"entryPointCount":78,"unprotectedCount":13},[51,57,61],{"type":52,"name":53,"callback":54,"file":55,"line":56},"action","wp_enqueue_scripts","wp_sohel_tab_latest_jquery","tabs-functions.php",15,{"type":52,"name":58,"callback":59,"file":55,"line":60},"wp_footer","wp_sohel_tab_plugin_function",25,{"type":62,"name":63,"callback":64,"file":55,"line":65},"filter","widget_text","do_shortcode",95,[],[],[69,73],{"tag":70,"callback":71,"file":55,"line":72},"tabs","sohel_shortcode_tabs",29,{"tag":74,"callback":75,"file":55,"line":76},"tab","sohel_shortcode_tab",81,[],2,{"dangerousFunctions":80,"sqlUsage":81,"outputEscaping":83,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":85},[],{"prepared":13,"raw":13,"locations":82},[],{"escaped":13,"rawEcho":13,"locations":84},[],[],[],{"summary":88,"deductions":89},"The static analysis of my-wp-tabs v1.0 reveals a generally positive security posture, with no critical issues identified in terms of dangerous functions, unsanitized SQL queries, or unescaped output. The absence of file operations and external HTTP requests further contributes to a reduced attack surface. The code adheres to good practices by utilizing prepared statements for all SQL queries and properly escaping all output.  However, the presence of 2 shortcodes without explicit capability checks or nonce validation introduces potential blind spots. While the static analysis did not find any direct vulnerabilities in these entry points, this lack of security controls warrants careful consideration, especially as attack surface increases.  The vulnerability history indicates a single past medium-severity vulnerability related to Cross-Site Scripting (XSS), which was last addressed on March 3rd, 2025. The fact that it is currently unpatched is a significant concern, suggesting a potential for re-introduction of similar issues if not thoroughly addressed.  Overall, the plugin demonstrates good coding practices in core areas but has a notable weakness in securing its shortcode entry points and a concerning history of an unpatched vulnerability.",[90,93,96],{"reason":91,"points":92},"Shortcodes without capability checks",8,{"reason":94,"points":95},"Shortcodes without nonce checks",7,{"reason":97,"points":56},"Unpatched medium vulnerability (XSS)","2026-03-16T23:32:40.795Z",{"wat":100,"direct":107},{"assetPaths":101,"generatorPatterns":104,"scriptPaths":105,"versionParams":106},[102,103],"\u002Fwp-content\u002Fplugins\u002Fmy-wp-tabs\u002Fmain.js","\u002Fwp-content\u002Fplugins\u002Fmy-wp-tabs\u002Fstyle.css",[],[102],[],{"cssClasses":108,"htmlComments":116,"htmlAttributes":117,"restEndpoints":118,"jsGlobals":119,"shortcodeOutput":121},[109,110,111,112,70,113,114,74,115],"tab-holder","shortcode-tabs","tabs-wrapper","tabset","tab-box","tabs-container","tab_content",[],[],[],[120],"sohel_wp_tabs_counter",[122,123,124,125,126,127,128,129,130],"\u003Cdiv id=\"tabs-","\" class=\"tab-holder shortcode-tabs clearfix tabs-","\">\u003Cdiv class=\"tab-hold tabs-wrapper\">\u003Cul id=\"tabs\" class=\"tabset tabs\">\u003Cli>\u003Ca href=\"#","\">","\u003C\u002Fa>\u003C\u002Fli>\u003C\u002Ful>\u003Cdiv class=\"tab-box tabs-container\">","\u003C\u002Fdiv>\u003C\u002Fdiv>\u003C\u002Fdiv>","\u003Cdiv id=\"tab","\" class=\"tab tab_content\">","\u003C\u002Fdiv>"]