Custom Product Tabs For Woocommerce
by Yikes, Inc.
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-11465 | Hig | 0.47 | 7.2 | 0.01 | Jan 7, 2025 | The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8.5 via deserialization of untrusted input in the 'yikes_woo_products_tabs' post meta parameter. This makes it possible for authenticated… | ||
| CVE-2024-12721 | Hig | 0.47 | 7.2 | 0.01 | Dec 21, 2024 | The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wb_custom_tabs' parameter. This makes it possible for authenticated attackers, with… | ||
| CVE-2025-58985 | Med | 0.42 | 6.5 | 0.00 | Sep 9, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce product-tabs-for-woocommerce allows Stored XSS.This issue affects Additional Custom Product Tabs for WooCommerce: from… | ||
| CVE-2025-26749 | Med | 0.42 | 6.5 | 0.00 | Apr 15, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce product-tabs-for-woocommerce allows Stored XSS.This issue affects Additional Custom Product Tabs for WooCommerce: from… | ||
| CVE-2022-28666 | Med | 0.35 | 5.3 | 0.01 | Jul 21, 2022 | Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update. | ||
| CVE-2022-43463 | Med | 0.31 | 4.8 | 0.00 | Nov 18, 2022 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Custom Product Tabs for WooCommerce plugin <= 1.7.9 on WordPress. |
- risk 0.47cvss 7.2epss 0.01
The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8.5 via deserialization of untrusted input in the 'yikes_woo_products_tabs' post meta parameter. This makes it possible for authenticated…
- risk 0.47cvss 7.2epss 0.01
The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wb_custom_tabs' parameter. This makes it possible for authenticated attackers, with…
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce product-tabs-for-woocommerce allows Stored XSS.This issue affects Additional Custom Product Tabs for WooCommerce: from…
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce product-tabs-for-woocommerce allows Stored XSS.This issue affects Additional Custom Product Tabs for WooCommerce: from…
- risk 0.35cvss 5.3epss 0.01
Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update.
- risk 0.31cvss 4.8epss 0.00
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Custom Product Tabs for WooCommerce plugin <= 1.7.9 on WordPress.