CVE-2021-24831

Опубликовано: 03 янв. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs.

Ссылки

https://wpscan.com/vulnerability/75ed9f5f-e091-4372-a6cb-57958ad5f900
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/75ed9f5f-e091-4372-a6cb-57958ad5f900
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rich-web:tab:*:*:*:*:*:wordpress:*:*

Версия до 1.3.2 (исключая)

EPSS

Процентиль: 75%

0.00898

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-862

CWE-425

Связанные уязвимости

GHSA-fh28-f6m7-2h5v