All AJAX actions of the Tab WordPress plugin prior to 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated malicious users to modify various data in the plugin, such as add/edit/delete arbitrary tabs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rich-web tab |