WP-Safety

Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs Security & Risk Analysis

wordpress.org/plugins/wp-expand-tabs-free

A customizable plugin to create and manage WooCommerce product tabs and WordPress tabs to organize content.

10K active installs v3.1.4 PHP 7.2+ WP 5.0+ Updated Apr 9, 2026
product-tabstabswoocommerce-custom-product-tabswoocommerce-product-tabswoocommerce-tabs-plugin
96
A · Safe
CVEs total5
Unpatched0
Last CVEMay 16, 2025
Plugin page Download
Safety Verdict

Is Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs Safe to Use in 2026?

Generally Safe

Score 96/100

Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

5 known CVEsLast CVE: May 16, 2025Updated 1mo ago
Risk Assessment

The "wp-expand-tabs-free" plugin v3.1.3 presents a mixed security posture. While it demonstrates strengths in using prepared statements for SQL queries and a high percentage of properly escaped output, significant concerns remain regarding its attack surface and past vulnerability history. The presence of 3 AJAX handlers without authentication checks exposes potential entry points for unauthorized actions, especially when combined with the use of the dangerous `unserialize` function, which has historically been a vector for deserialization vulnerabilities. The plugin also has a notable history of 5 CVEs, including a high-severity vulnerability in the past, and common types such as deserialization, XSS, and CSRF, indicating recurring security weaknesses. While there are no currently unpatched CVEs and no critical taint flows identified in this specific static analysis, the past vulnerability patterns and the identified unprotected AJAX handlers warrant caution.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function: unserialize
  • High severity CVE in history
  • Multiple past CVEs
  • Common vulnerability types: Deserialization, XSS, CSRF
Vulnerabilities
5 published

Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs Security Vulnerabilities

CVEs by Year

1 CVE in 2018
2018
3 CVEs in 2023
2023
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

High
1
Medium
4

5 total CVEs

CVE-2025-48134high · 7.2Deserialization of Untrusted Data

WP Tabs <= 2.2.12 - Authenticated (Administrator+) PHP Object Injection

May 16, 2025 Patched in 2.2.13 (70d)
CVE-2023-52124medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Tabs <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 28, 2023 Patched in 2.2.1 (26d)
CVE-2023-25065medium · 4.3Cross-Site Request Forgery (CSRF)

WP Tabs <= 2.1.14 - Cross Site Request Forgery

Feb 2, 2023 Patched in 2.1.15 (355d)
CVE-2023-0071medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Tabs <= 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jan 6, 2023 Patched in 2.1.17 (382d)
CVE-2018-5312medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Tabs – Responsive Tabs Plugin for WordPress <= 1.8.0 - Stored Cross-Site Scripting

Nov 13, 2018 Patched in 2.0.0 (1897d)
Version History

Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs Release Timeline

v3.1.4Current
v3.1.3
v3.1.2
v3.1.1
v3.1.0
v3.0.2
v3.0.1
v3.0.0
v2.2.14
v2.2.13
v2.2.121 CVE
CVE-2025-48134
v2.2.111 CVE
CVE-2025-48134
v2.2.101 CVE
CVE-2025-48134
v2.2.91 CVE
CVE-2025-48134
v2.2.81 CVE
CVE-2025-48134
v2.2.71 CVE
CVE-2025-48134
v2.2.61 CVE
CVE-2025-48134
v2.2.51 CVE
CVE-2025-48134
v2.2.41 CVE
CVE-2025-48134
v2.2.31 CVE
CVE-2025-48134
Code Analysis
Analyzed Mar 16, 2026

Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs Code Analysis

Dangerous Functions
3
Raw SQL Queries
0
2 prepared
Unescaped Output
189
748 escaped
Nonce Checks
16
Capability Checks
11
File Operations
0
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserialize$value = unserialize( $value, array( 'allowed_classes' => false ) );admin\class-wp-tabs-admin.php:176
unserialize$plugins = unserialize( $response['body'] );admin\help-page\help.php:169
unserialize$value = unserialize( $value, array( 'allowed_classes' => false ) );includes\class-wp-tabs-import-export.php:176

SQL Query Safety

100% prepared2 total queries

Output Escaping

80% escaped937 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

4 flows
dismiss_offer_banner (admin\partials\notices\offer-banner.php:154)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs Attack Surface

Entry Points10
Unprotected3

AJAX Handlers 9

authwp_ajax_save_tabs_custom_button_stateadmin\class-smart-tabs-free-admin.php:76
authwp_ajax_wptabspro-chosenadmin\partials\models\functions\actions.php:49
authwp_ajax_shapedplugin_dismiss_offer_banneradmin\partials\notices\offer-banner.php:35
authwp_ajax_sp_tab_preview_meta_boxadmin\preview\class-wp-tabs-preview.php:35
authwp_ajax_sp_save_tabs_orderincludes\class-wp-tabs-product-tab.php:97
authwp_ajax_sp-wptabs-never-show-review-noticeincludes\class-wp-tabs.php:294
authwp_ajax_tabs_export_shortcodeincludes\class-wp-tabs.php:298
authwp_ajax_tabs_import_shortcodeincludes\class-wp-tabs.php:299
authwp_ajax_dismiss_smart_tabs_wc_noticeincludes\class-wp-tabs.php:312

Shortcodes 1

[wptabs] includes\class-wp-tabs.php:344
WordPress Hooks 82
actionin_admin_headeradmin\class-smart-tabs-free-admin.php:43
filtersubmenu_fileadmin\class-smart-tabs-free-admin.php:44
filterscreen_options_show_screenadmin\class-smart-tabs-free-admin.php:45
actionadmin_footeradmin\class-smart-tabs-free-admin.php:47
filtermanage_sp_products_tabs_posts_columnsadmin\class-smart-tabs-free-admin.php:54
filtermanage_sp_products_tabs_posts_columnsadmin\class-smart-tabs-free-admin.php:55
actionmanage_sp_products_tabs_posts_custom_columnadmin\class-smart-tabs-free-admin.php:56
actionmanage_sp_products_tabs_posts_custom_columnadmin\class-smart-tabs-free-admin.php:57
actionadd_meta_boxes_sp_products_tabsadmin\class-smart-tabs-free-admin.php:59
actionsave_post_sp_products_tabsadmin\class-smart-tabs-free-admin.php:60
filterwp_insert_post_dataadmin\class-smart-tabs-free-admin.php:62
filterredirect_post_locationadmin\class-smart-tabs-free-admin.php:64
filterthe_titleadmin\class-smart-tabs-free-admin.php:65
filterpost_row_actionsadmin\class-smart-tabs-free-admin.php:66
filterbulk_actions-edit-sp_products_tabsadmin\class-smart-tabs-free-admin.php:68
filterpost_classadmin\class-smart-tabs-free-admin.php:69
filterwoocommerce_product_data_tabsadmin\class-smart-tabs-free-admin.php:83
actioninitadmin\class-smart-tabs-free-admin.php:85
actionwoocommerce_product_data_panelsadmin\class-smart-tabs-free-admin.php:86
filteruser_has_capadmin\class-smart-tabs-free-admin.php:93
actionafter_setup_themeadmin\class-smart-tabs-free-admin.php:100
actionelementor/preview/enqueue_scriptsadmin\ElementorAddons\class-wp-tabs-elementor-addons.php:62
actionelementor/preview/enqueue_stylesadmin\ElementorAddons\class-wp-tabs-elementor-addons.php:63
actionelementor/editor/before_enqueue_scriptsadmin\ElementorAddons\class-wp-tabs-elementor-addons.php:64
actionelementor/initadmin\ElementorAddons\class-wp-tabs-elementor-addons.php:114
actionelementor/widgets/registeradmin\ElementorAddons\class-wp-tabs-elementor-addons.php:131
actioninitadmin\GutenbergBlock\class-wp-tabs-free-gutenberg-block-init.php:36
actionenqueue_block_editor_assetsadmin\GutenbergBlock\class-wp-tabs-free-gutenberg-block-init.php:37
actionadmin_menuadmin\help-page\help.php:62
actionadmin_print_scriptsadmin\help-page\help.php:68
actionwptabspro_enqueueadmin\help-page\help.php:69
actionwp_headadmin\partials\models\classes\abstract.class.php:51
actionadd_meta_boxesadmin\partials\models\classes\metabox.class.php:108
actionsave_postadmin\partials\models\classes\metabox.class.php:109
actionedit_attachmentadmin\partials\models\classes\metabox.class.php:110
actionadmin_menuadmin\partials\models\classes\options.class.php:167
actionadmin_bar_menuadmin\partials\models\classes\options.class.php:168
actionnetwork_admin_menuadmin\partials\models\classes\options.class.php:172
actionafter_setup_themeadmin\partials\models\classes\setup.class.php:94
actioninitadmin\partials\models\classes\setup.class.php:95
actionswitch_themeadmin\partials\models\classes\setup.class.php:96
actionadmin_enqueue_scriptsadmin\partials\models\classes\setup.class.php:97
actionadmin_headadmin\partials\models\classes\setup.class.php:98
actionprint_default_editor_scriptsadmin\partials\models\fields\wp_editor\wp_editor.php:113
filterwptabspro_fa4admin\partials\models\functions\actions.php:52
actionadmin_noticesadmin\partials\notices\offer-banner.php:34
actionsave_post_sp_products_tabsincludes\class-wp-tabs-product-tab.php:98
actionpre_get_postsincludes\class-wp-tabs-product-tab.php:99
actionwoocommerce_process_product_metaincludes\class-wp-tabs-product-tab.php:100
actionadmin_enqueue_scriptsincludes\class-wp-tabs-product-tab.php:102
actionwp_enqueue_scriptsincludes\class-wp-tabs-product-tab.php:103
filterbulk_post_updated_messagesincludes\class-wp-tabs-product-tab.php:108
filteredit_posts_per_pageincludes\class-wp-tabs-product-tab.php:109
filterbody_classincludes\class-wp-tabs-product-tab.php:114
actionplugins_loadedincludes\class-wp-tabs-updates.php:45
filterwoocommerce_product_tabsincludes\class-wp-tabs.php:136
filterwoocommerce_product_tabsincludes\class-wp-tabs.php:143
actionadmin_enqueue_scriptsincludes\class-wp-tabs.php:261
actionwidgets_initincludes\class-wp-tabs.php:262
actionadmin_action_sp_duplicate_tabsincludes\class-wp-tabs.php:263
filterpost_row_actionsincludes\class-wp-tabs.php:264
actionactivated_pluginincludes\class-wp-tabs.php:266
actioninitincludes\class-wp-tabs.php:270
actioninitincludes\class-wp-tabs.php:278
actionedit_form_topincludes\class-wp-tabs.php:279
filterpost_updated_messagesincludes\class-wp-tabs.php:282
filtermanage_sp_wp_tabs_posts_columnsincludes\class-wp-tabs.php:283
actionmanage_sp_wp_tabs_posts_custom_columnincludes\class-wp-tabs.php:284
filterplugin_action_linksincludes\class-wp-tabs.php:288
filteradmin_footer_textincludes\class-wp-tabs.php:289
filterupdate_footerincludes\class-wp-tabs.php:290
actionadmin_noticesincludes\class-wp-tabs.php:293
actionadmin_noticesincludes\class-wp-tabs.php:311
actionwp_enqueue_scriptsincludes\class-wp-tabs.php:335
actionadmin_enqueue_scriptsincludes\class-wp-tabs.php:336
actionwp_loadedincludes\class-wp-tabs.php:337
filtersp_wp_tabs_contentincludes\class-wp-tabs.php:339
actionsptpro_action_tag_for_shortcodeincludes\class-wp-tabs.php:343
filterwp_revisions_to_keepincludes\updates\update-2.1.10.php:24
actionafter_setup_themeplugin-main.php:75
filterplugin_row_metaplugin-main.php:94
actionsave_postpublic\class-wp-tabs-shortcode.php:53
Maintenance & Trust

Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedApr 9, 2026
PHP min version7.2
Downloads345K

Community Trust

Rating98/100
Number of ratings133
Active installs10K
Alternatives

Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs Alternatives

Custom Product tabs for WooCommerce

Custom Product tabs for WooCommerce

wb-custom-product-tabs-for-woocommerce

A
98

Create unlimited WooCommerce tabs and assign them in bulk by category, tag, brand, or product. Also disable WooCommerce’s default product tabs.

10K 1 CVE
Product Tabs for WooCommerce

Product Tabs for WooCommerce

woocommerce-product-tabs

A
100

Discover the easy way to add extra tabs to your WooCommerce product pages.

10K No CVEs
TG Product Tab Manager

TG Product Tab Manager

product-tab-manager

A
92

This plugin allows you to manage your Woocommerce product page tabs. Tabs can be renamed, removed and re-ordered on the single product page.

10 No CVEs
Product Tabs Manager – Custom WooCommerce Product Tabs, Extra Tabs, Tab Editor & Tab Customizer

Product Tabs Manager – Custom WooCommerce Product Tabs, Extra Tabs, Tab Editor & Tab Customizer

product-tabs-manager

A
100

Create unlimited custom WooCommerce product tabs, manage default tabs, exclude tabs by product or category, add specifications, FAQs & more – 100% &hellip;

10 No CVEs
Dynamic Product Tabs Builder for WooCommerce

Dynamic Product Tabs Builder for WooCommerce

dynamic-product-tabs-builder-for-woocommerce

A
100

Create custom product tabs with custom content for clearer WooCommerce product pages - Defined sitewide or per product.

0 No CVEs
Developer Profile

Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs Developer Profile

ShapedPlugin LLC

18 plugins · 315K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
361 days
View full developer profile
Detection Fingerprints

How We Detect Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-expand-tabs-free/public/assets/css/sp-wp-tabs-free.min.css/wp-content/plugins/wp-expand-tabs-free/public/assets/js/sp-wp-tabs-free.min.js/wp-content/plugins/wp-expand-tabs-free/public/assets/css/font-awesome.min.css/wp-content/plugins/wp-expand-tabs-free/admin/css/wp-tabs-admin.min.css
Script Paths
/wp-content/plugins/wp-expand-tabs-free/public/assets/js/sp-wp-tabs-free.min.js
Version Parameters
wp-expand-tabs-free/public/assets/css/sp-wp-tabs-free.min.css?ver=wp-expand-tabs-free/public/assets/js/sp-wp-tabs-free.min.js?ver=wp-expand-tabs-free/public/assets/css/font-awesome.min.css?ver=wp-expand-tabs-free/admin/css/wp-tabs-admin.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
sp-wp-tabs-free-container
HTML Comments
<!-- SP Tabs Free Widget -->
Data Attributes
data-sp-tabs-free-id
JS Globals
sp_wp_tabs_free_params
Shortcode Output
[sp_wp_tabs id=""]
FAQ

Frequently Asked Questions about Custom Product Tabs for WooCommerce & WordPress Tabs Builder – Smart Tabs