Unauthenticated Access and Data Manipulation Vulnerability in Tab WordPress Plugin

CVE-2021-24831 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as adding, editing, or deleting arbitrary tabs.
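One way to audit plugin source for this kind of exposure, as an added example (not code from the Tab plugin or from this advisory): WordPress makes an AJAX handler reachable by logged-out visitors through a `wp_ajax_nopriv_<action>` hook, so the script lists each registered action, whether it is reachable without authentication, and whether its callback calls a capability or nonce check. The PHP sample and every `example_*` name are constructed for illustration.

```python
import re

# Constructed sample, not the Tab plugin's source; all names are hypothetical.
SAMPLE_PHP = r"""
add_action('wp_ajax_example_tab_delete', 'example_tab_delete');
add_action('wp_ajax_nopriv_example_tab_delete', 'example_tab_delete');
add_action('wp_ajax_example_tab_save', 'example_tab_save');
function example_tab_delete() {
    if (isset($_POST['id'])) { example_remove((int) $_POST['id']); }
    wp_die();
}
function example_tab_save() {
    check_ajax_referer('example_tab_save', 'nonce');
    if (!current_user_can('manage_options')) { wp_send_json_error(null, 403); }
    wp_die();
}
"""

# add_action('wp_ajax_[nopriv_]<action>', '<callback>') with a string callback.
HOOK_RE = re.compile(
    r"add_action\(\s*['\"]wp_ajax_(nopriv_)?(\w+)['\"]\s*,\s*['\"](\w+)['\"]")
CAP_RE = re.compile(r"\bcurrent_user_can\s*\(")
NONCE_RE = re.compile(r"\b(?:check_ajax_referer|wp_verify_nonce)\s*\(")

def function_body(src, name):
    """Return the body of PHP function `name` by brace counting, or ''.
    Braces inside strings or comments are not handled (kept simple)."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit(src):
    """One finding per AJAX action: who can reach it and which checks it runs."""
    hooks = {}
    for nopriv, action, callback in HOOK_RE.findall(src):
        entry = hooks.setdefault(action, {"callback": callback, "unauth": False})
        entry["unauth"] |= bool(nopriv)
    return [{"action": action,
             "unauthenticated": info["unauth"],
             "capability_check": bool(CAP_RE.search(function_body(src, info["callback"]))),
             "nonce_check": bool(NONCE_RE.search(function_body(src, info["callback"])))}
            for action, info in sorted(hooks.items())]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PHP):
        print(finding)
```

An action reported as unauthenticated with neither check is the pattern to review first; callbacks registered as closures or class methods are outside what this regex covers.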
