CVSS Base Score: 7.5

CVE-2021-24831

Exploit

Tab – Accordion, FAQ < 1.3.2 - Unauthenticated Arbitrary Tab Modification

All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs.
Possible countermeasure
Tab – Accordion, FAQ: Update to version 1.3.2, or a newer patched version
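The description above is an instance of a common WordPress mistake: an AJAX handler is hooked for both logged-in (wp_ajax_*) and anonymous (wp_ajax_nopriv_*) requests and performs no authorization or nonce check. The following is an added illustration of that pattern beside a hardened form; it is not code from the Tab plugin, and the action names, option key, nonce name and capability are assumptions chosen for the example.

```php
<?php
// Added illustration, not the plugin's code. Action names (example_tabs_save,
// example_tabs_save_v2), the option key and the nonce name are assumptions.

// Vulnerable pattern: the same callback serves wp_ajax_ (logged-in) and
// wp_ajax_nopriv_ (anonymous) requests, and checks neither a capability nor
// a nonce, so any visitor can overwrite the stored tabs (CWE-862 / CWE-425).
function example_tabs_save_unchecked() {
    $tabs = isset( $_POST['tabs'] ) ? wp_unslash( $_POST['tabs'] ) : array();
    update_option( 'example_tabs_data', $tabs );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_tabs_save',        'example_tabs_save_unchecked' );
add_action( 'wp_ajax_nopriv_example_tabs_save', 'example_tabs_save_unchecked' );

// Hardened pattern: no wp_ajax_nopriv_ hook at all, an explicit capability
// check before any state change, a CSRF nonce check (the nonce is expected in
// the POST field 'nonce' and must be generated with wp_create_nonce on the
// admin side), and sanitisation of the submitted tab data.
function example_tabs_save_checked() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 ); // exits
    }
    check_ajax_referer( 'example_tabs_nonce', 'nonce' ); // dies on failure

    $tabs  = isset( $_POST['tabs'] ) && is_array( $_POST['tabs'] )
        ? wp_unslash( $_POST['tabs'] ) : array();
    $clean = array();
    foreach ( $tabs as $tab ) {
        $clean[] = array(
            'title'   => sanitize_text_field( $tab['title'] ?? '' ),
            'content' => wp_kses_post( $tab['content'] ?? '' ),
        );
    }
    update_option( 'example_tabs_data', $clean );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_tabs_save_v2', 'example_tabs_save_checked' );
```

When auditing a plugin for this class of bug, grep for every wp_ajax_nopriv_ registration and confirm that the callback either needs no privilege by design or performs a current_user_can check before touching options or posts.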
Further vulnerability information
System: WordPress Plugin
Product: Tab – Accordion, FAQ
Version: [*, 1.3.2)
Data provided by the National Vulnerability Database (NVD)
Vendor: Rich-web, Product: Tab, Software platform: wordpress, Version < 1.3.2
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics

Type   Source     Score   Percentile
EPSS   FIRST.org  0.9%    0.749

CVSS Metrics

Source        Base Score   Exploit Score   Impact Score   Vector String
nvd@nist.gov  7.5          3.9             3.6            CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov  5            10              2.9            AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-425 Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.