Unauthenticated Access and Data Manipulation Vulnerability in Tab WordPress Plugin
CVE-2021-24831 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs.
Learn more about our Wordpress Pen Testing.