CVE-2021-24831

7.5 HIGH

📋 TL;DR

The Tab WordPress plugin before version 1.3.2 exposes all AJAX actions to unauthenticated users, allowing attackers to add, edit, or delete arbitrary tabs without authentication. This affects WordPress sites running vulnerable versions of the Tab plugin.

💻 Affected Systems

Products:
  • Tab WordPress plugin
Versions: All versions before 1.3.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with the Tab plugin enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could deface websites, inject malicious content, or delete all tab content, potentially leading to data loss and reputation damage.

🟠 Likely Case

Unauthenticated attackers modify tab content to insert malicious links, spam, or deface the site's tab sections.

🟢 If Mitigated

With proper access controls, only authenticated administrators could modify tabs, preventing unauthorized changes.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted AJAX requests to vulnerable endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.2

Vendor Advisory: https://wpscan.com/vulnerability/75ed9f5f-e091-4372-a6cb-57958ad5f900

Restart Required: No

Instructions:

1. Update the Tab plugin to version 1.3.2 or later via the WordPress admin panel.
2. Verify the update completes successfully.
3. Test tab functionality.

🔧 Temporary Workarounds

Disable plugin (applies to: all)

Temporarily disable the Tab plugin until patched.

wp plugin deactivate tab

Restrict AJAX endpoints (applies to: all)

Use a web application firewall to block unauthenticated access to /wp-admin/admin-ajax.php?action=tab_* endpoints.

🧯 If You Can't Patch

  • Disable the Tab plugin entirely.
  • Implement strict network access controls to limit who can reach the WordPress admin AJAX endpoints.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel for Tab plugin version. If version is below 1.3.2, it's vulnerable.

Check Version:

wp plugin get tab --field=version

Verify Fix Applied:

Confirm Tab plugin version is 1.3.2 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /wp-admin/admin-ajax.php with tab_* actions from clients with no authenticated session.
  • Multiple failed authentication attempts followed by tab modification requests.

Network Indicators:

  • Unusual traffic patterns to WordPress AJAX endpoints from external sources.
  • Spikes in requests to admin-ajax.php with tab-related parameters.

SIEM Query:

source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND query="action=tab_*" AND user="-"
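The log indicators and SIEM query above, turned into a small offline log check. This is an added example, not part of the original advisory: it parses Apache/nginx combined-format access log lines (constructed sample entries, not real traffic) and flags requests to /wp-admin/admin-ajax.php carrying an action=tab_* parameter while the remote-user field is "-", mirroring the SIEM query. The function names and sample IPs are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" log format; the third field is the HTTP remote user.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_tab_ajax_unauth(entry):
    """True when the request hits admin-ajax.php with action=tab_* and no remote user.
    The remote-user field only reflects HTTP-level auth, so treat a hit as a lead to
    confirm against WordPress session data, not as proof of exploitation."""
    url = urlsplit(entry["target"])
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return False
    actions = parse_qs(url.query).get("action", [])
    return entry["user"] == "-" and any(a.startswith("tab_") for a in actions)

def find_suspicious(lines):
    """Return (ip, action, status) for every line matching the indicator."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_tab_ajax_unauth(entry):
            action = parse_qs(urlsplit(entry["target"]).query)["action"][0]
            hits.append((entry["ip"], action, entry["status"]))
    return hits

# Constructed sample log lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2021:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=tab_delete HTTP/1.1" 200 43 "-" "curl/7.68.0"',
    '198.51.100.4 - editor [10/Oct/2021:12:00:05 +0000] "POST /wp-admin/admin-ajax.php?action=tab_edit HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2021:12:00:09 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 30 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Oct/2021:12:00:12 +0000] "GET /index.php HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    # Only the first sample line should be reported.
    for ip, action, status in find_suspicious(SAMPLE_LOG):
        print(f"{ip} {action} {status}")
```

Actions sent in the POST body rather than the query string will not appear in a standard access log, so pair this with WAF or application-level logging where available.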
