shapedplugin CVE Vulnerabilities & Metrics

Focus on shapedplugin vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About shapedplugin Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with shapedplugin. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total shapedplugin CVEs: 10
Earliest CVE date: 21 Dec 2021, 09:15 UTC
Latest CVE date: 05 Jan 2024, 12:15 UTC

Latest CVE reference: CVE-2023-52124

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical shapedplugin CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.9

Max CVSS: 5.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	9
4.0-6.9	1
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS shapedplugin CVEs

These are the five CVEs with the highest CVSS scores for shapedplugin, sorted by severity first and recency.

CVE-2021-24739 shapedplugin Published on 21 Dec 2021, 09:15 UTC (CVSS: 5.5)
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature
CVE-2021-24738 shapedplugin Published on 21 Dec 2021, 09:15 UTC (CVSS: 3.5)
The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks
CVE-2023-52124 shapedplugin Published on 05 Jan 2024, 12:15 UTC (CVSS: 0)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs – Responsive Tabs Plugin for WordPress: from n/a through 2.2.0.
CVE-2023-0537 shapedplugin Published on 08 May 2023, 14:15 UTC (CVSS: 0)
The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2023-25065 shapedplugin Published on 14 Feb 2023, 12:15 UTC (CVSS: 0)
Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions.

All CVEs for shapedplugin

CVE-2023-52124 shapedplugin vulnerability CVSS: 0 05 Jan 2024, 12:15 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs – Responsive Tabs Plugin for WordPress: from n/a through 2.2.0.

CVE-2023-0537 shapedplugin vulnerability CVSS: 0 08 May 2023, 14:15 UTC

The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

CVE-2023-25065 shapedplugin vulnerability CVSS: 0 14 Feb 2023, 12:15 UTC

Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions.

CVE-2023-0360 shapedplugin vulnerability CVSS: 0 13 Feb 2023, 15:15 UTC

The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2023-0071 shapedplugin vulnerability CVSS: 0 30 Jan 2023, 21:15 UTC

The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2022-4629 shapedplugin vulnerability CVSS: 0 23 Jan 2023, 15:15 UTC

The Product Slider for WooCommerce WordPress plugin before 2.6.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

CVE-2022-4648 shapedplugin vulnerability CVSS: 0 16 Jan 2023, 16:15 UTC

The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

CVE-2022-2382 shapedplugin vulnerability CVSS: 0 22 Aug 2022, 15:15 UTC

The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delete arbitrary blog options.

CVE-2021-24739 shapedplugin vulnerability CVSS: 5.5 21 Dec 2021, 09:15 UTC

The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature

CVE-2021-24738 shapedplugin vulnerability CVSS: 3.5 21 Dec 2021, 09:15 UTC

The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks