CVE-2021-24831

Summary

All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs.

Affected Software

VendorProductVersion RangeStatus
UnknownTab – Accordion, FAQ1.3.2 < 1.3.2affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

References