WordPress Plugin Vulnerabilities

Tabs < 3.7.0 - Authenticated Arbitrary Options Update

Description

The plugin could allow high privilege users to update arbitrary blog options even hough they should not be able to

Affects Plugins

Plugin icon
vc-tabs
Fixed in 3.7.0

References

CVE
CVE-2022-36375

Classification

Type
INCORRECT AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-863
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
m0ze
Verified
No
WPVDB ID
9a586367-2802-462f-b1d4-3ed9d2686b84

Timeline

Publicly Published
2021-12-20 (about 2 years ago)
Added
2022-07-27 (about 1 years ago)
Last Updated
2023-04-25 (about 1 years ago)

Other

Published
Title
Published
2023-11-16
Title
Jetpack < 12.7 - Improper Authorization via WPCom External Media REST endpoints
Published
2024-02-03
Title
WP Hotel Booking < 2.0.9.3 - Improper Authorization on Multiple REST API Routes
Published
2021-09-29
Title
Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload
Published
2022-11-17
Title
Crowdsignal Dashboard < 3.0.10 - Contributor+ Rating Settings Update
Published
2024-01-29
Title
Avada < 7.11.2 - Contributor+ Arbitrary File Upload