2 matches found
CVE-2021-24831
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs...
CVE-2021-24831
The CVE-2021-24831 entry concerns the WordPress Tab – Accordion, FAQ plugin prior to version 1.3.2. Affected component: the plugin’s AJAX endpoints; root cause described as all AJAX actions being accessible to both unauthenticated and authenticated users. Impact per sources: unauthenticated attac...