Source: National Vulnerability Database

All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs.

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24831

83 hits since 2022-01-05

PHP Vulns Source Ratio: 15% (5368 total, 395 propagated, 2684 filtered)