Summaryinfo

A vulnerability classified as critical was found in Biplob Adhikari Tabs Plugin up to 3.6.0 on WordPress. This vulnerability affects unknown code of the component Options Change Handler. The manipulation leads to access control. This vulnerability was named CVE-2022-36375. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Detailsinfo

A vulnerability classified as critical has been found in Biplob Adhikari Tabs Plugin up to 3.6.0 on WordPress (WordPress Plugin). This affects an unknown code block of the component Options Change Handler. The manipulation with an unknown input leads to a access control vulnerability. CWE is classifying the issue as CWE-264. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress.

The weakness was presented 07/26/2022. The advisory is shared at patchstack.com. This vulnerability is uniquely identified as CVE-2022-36375 since 07/22/2022. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1068 for this issue.

Applying a patch is able to eliminate this problem. The bugfix is ready for download at plugins.trac.wordpress.org.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• WordPress Plugin

Vendor

• Biplob Adhikari

Name

• Tabs Plugin

Version

• 3.0
• 3.1
• 3.2
• 3.3
• 3.4
• 3.5
• 3.6.0

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion