Tab - Accordion, FAQ < 1.3.2 - Unauthenticated AJAX Calls
CVE-2021-24831

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Tab – Accordion, Faq
Vendor: CVE Published:; 3 January 2022

What is CVE-2021-24831?

All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs.

Affected Version(s)

Tab – Accordion, FAQ 1.3.2

References

https://wpscan.com/vulnerability/75ed9f5f-e091-4372-a6cb-...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 3, 2022
Vulnerability Reserved
Jan 14, 2021

Credit

Brandon Roldan

CVE-2021-24831 Data

JSON

Wordpress

What is CVE-2021-24831?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit