CVE-2021-24831

Name of the Vulnerable Software and Affected Versions Tab WordPress plugin versions prior to 1.3.2

Description The issue allows unauthenticated attackers to modify various data in the plugin, such as add, edit, or delete arbitrary tabs, because all AJAX actions of the Tab WordPress plugin are available to both unauthenticated and authenticated users.

Recommendations For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to AJAX actions in the plugin to minimize the risk of exploitation.