Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-36375
CVE-2022-36375:
WordPress vulnerability analysis and mitigation
Overview
The CVE-2022-36375 vulnerability affects Biplob Adhikari's Tabs WordPress plugin versions 3.6.0 and earlier. This vulnerability allows authenticated users with high privileges to modify WordPress options that they should not have access to (WPScan, CVE). The issue was discovered and disclosed on July 22, 2022.
Technical details
The vulnerability is classified as a Broken Access Control issue (OWASP Top 10 A5) with a CVSS v3 base score of 4.7 (medium). It specifically relates to incorrect authorization that allows high-privilege users to update arbitrary blog options beyond their intended permissions (WPScan).
Impact
When exploited, this vulnerability could allow authenticated users with high privileges to modify WordPress configuration options that should be restricted, potentially leading to unauthorized changes in the site's settings (Patchstack).
Mitigation and workarounds
The vulnerability was patched in version 3.7.0 of the Tabs plugin. Site administrators should update to this version or later to resolve the security issue (WordPress Changelog).
Additional resources
Source: This report was generated using AI
Related WordPress vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management