CVE Vulnerability

CVE-2021-24831

All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://wpscan.com/vulnerability/75ed9f5f-e091-4372-a6cb-57958ad5f900 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:rich-web:tab:*:*:*:*:*:wordpress:*:*
Information

Published : 2022-01-03 01:15

Updated : 2022-02-10 03:11

NVD link : CVE-2021-24831

Mitre link : CVE-2021-24831

Products Affected
No products.
CWE
CWE-862