Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-24831. PoCs published by tomorroisnew.
Description
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs.
Exploits (1)
github
NO CODE
2 stars
by tomorroisnew · poc
https://github.com/tomorroisnew/CVE/tree/main/CVE-2021-24831
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/75ed9f5f-e091-4372-a6cb-57958ad5f900
Scores
CVSS v3
7.5
EPSS
0.0120
EPSS Percentile
63.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-862
CWE-425
Status
published
Products (1)
rich-web/tab
< 1.3.2
Published
Jan 03, 2022
Tracked Since
Feb 18, 2026