CVE-2025-68498

2025-12-30 [email protected]

Lifecycle Timeline

Analysis Generated: Apr 01, 2026 - 17:44 (vuln.today)
CVE Published: Dec 30, 2025 - 00:15 (nvd)

Description

Missing Authorization vulnerability in Crocoblock JetTabs jet-tabs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JetTabs: from n/a through <= 2.2.12.

Analysis

Missing authorization in Crocoblock JetTabs WordPress plugin version 2.2.12 and earlier allows unauthenticated or low-privileged attackers to bypass access control restrictions and exploit misconfigured security levels. The vulnerability stems from improper validation of user permissions before executing sensitive operations, potentially enabling unauthorized access to restricted plugin functionality or data.

Technical Context

The Crocoblock JetTabs plugin (CPE: wp:crocoblock:jettabs) is a WordPress extension for creating tabbed content interfaces. The vulnerability is classified as CWE-862 (Missing Authorization), indicating the application fails to verify whether a user has appropriate permissions before granting access to protected resources or operations. WordPress plugins operate within the wp-admin and frontend environments where access control should be enforced via capability checks (e.g., current_user_can()) and nonce verification. The absence of these checks allows attackers to directly invoke restricted functionality regardless of their role or authentication status.

Affected Products

Crocoblock JetTabs WordPress plugin versions 2.2.12 and earlier (CPE: wp:crocoblock:jettabs). The vulnerability affects all installations within this version range running on WordPress environments. Details and advisory information are available from the Patchstack vulnerability database at https://patchstack.com/database/Wordpress/Plugin/jet-tabs/vulnerability/wordpress-jettabs-plugin-2-2-12-broken-access-control-vulnerability?_s_id=cve.

Remediation

Upgrade the Crocoblock JetTabs plugin to a version newer than 2.2.12 immediately. Consult the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/jet-tabs/vulnerability/wordpress-jettabs-plugin-2-2-12-broken-access-control-vulnerability for the exact patched version number and download link. If an immediate upgrade is not possible, temporarily disable the JetTabs plugin until patched. Additionally, review WordPress user roles and capabilities to ensure only trusted administrators have access to sensitive plugin features, and regularly audit access logs for unauthorized API calls or admin action attempts targeting JetTabs functionality.
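To find installs that are still in the affected range, the following added example (not part of the advisory and not Crocoblock code) reads the version from the plugin header under wp-content/plugins/jet-tabs and compares it with 2.2.12. It assumes the default WordPress plugin directory layout and the jet-tabs slug from the advisory URL; the function names are illustrative.

```python
import re
import sys
from pathlib import Path

SLUG = "jet-tabs"            # plugin directory slug, taken from the advisory URL
LAST_AFFECTED = (2, 2, 12)   # advisory: affected through <= 2.2.12

# WordPress reads plugin metadata from a comment header in the main PHP file.
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:", re.M | re.I)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.M | re.I)


def parse_version(header_text):
    """Return the header version as a tuple of ints, or None if absent."""
    if not NAME_RE.search(header_text):
        return None
    match = VERSION_RE.search(header_text)
    if not match:
        return None
    parts = [int(n) for n in re.findall(r"\d+", match.group(1))]
    if not parts:
        return None
    # Pad short versions such as "2.3" so they compare as 2.3.0.
    return tuple(parts + [0] * (3 - len(parts)))


def audit(wp_root):
    """Return (status, version) for the JetTabs install under wp_root."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return ("not-installed", None)
    for php in sorted(plugin_dir.glob("*.php")):
        # WordPress only inspects the first 8 KiB of a file for headers.
        text = php.read_text(encoding="utf-8", errors="replace")[:8192]
        version = parse_version(text)
        if version is not None:
            status = "vulnerable" if version <= LAST_AFFECTED else "ok"
            return (status, ".".join(map(str, version)))
    # Directory exists but no readable header: flag for manual review.
    return ("unknown", None)


if __name__ == "__main__":
    status, version = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{SLUG}: {status} (version {version})")
    sys.exit(1 if status in ("vulnerable", "unknown") else 0)
```

Pass the WordPress root directory as the first argument; the script exits non-zero when the install is in the affected range or its version cannot be determined.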

Priority Score

0 (KEV: 0, EPSS: +0.0, CVSS: +0, POC: 0)
