CVE-2021-24831
03.01.2022, 13:15
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs.
| Vendor | Product | Version |
|---|---|---|
| rich-web | tab | 𝑥 < 1.3.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-862 - Missing AuthorizationThe software does not perform an authorization check when an actor attempts to access a resource or perform an action.
- CWE-425 - Direct Request ('Forced Browsing')The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.