Headline
CVE-2022-36375: WordPress Tabs plugin <= 3.6.0 - Authenticated WordPress Options Change vulnerability - Patchstack
Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari’s Tabs plugin <= 3.6.0 at WordPress.
Verified
Fixed
7.2
CVSS 3.1 score High severity
Monitoring Coming soon
PSID
1c4cb2efc607
Classification
Other Vulnerability Type
OWASP Top 10
A5: Broken Access Control
Required privilege
Requires high role user authentication.
Publicly disclosed
2022-07-25
Details
Authenticated WordPress Options Change vulnerability discovered by m0ze (Patchstack) in WordPress Tabs plugin (versions <= 3.6.0).
Solution
Update the WordPress Tabs plugin to the latest available version (at least 3.7.0).
References
Changeset