CVE-2021-24831

HIGH

Tab WordPress <1.3.2 - Info Disclosure

Title source: llm

Description

All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs.

Exploits (1)

github NO CODE 2 stars

by tomorroisnew · poc

https://github.com/tomorroisnew/CVE/tree/main/CVE-2021-24831

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/75ed9f5f-e091-4372-a6cb-57958ad5f900

Scores

CVSS v3 7.5

EPSS 0.0090

EPSS Percentile 75.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-862 CWE-425

Status published

Products (1)

rich-web/tab < 1.3.2

Published Jan 03, 2022

Tracked Since Feb 18, 2026