Crocoblock JetTabs CVE-2025-68498
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Missing Authorization vulnerability in Crocoblock JetTabs jet-tabs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetTabs: from n/a through <= 2.2.12.
AnalysisAI
Missing authorization in Crocoblock JetTabs WordPress plugin version 2.2.12 and earlier allows unauthenticated or low-privileged attackers to bypass access control restrictions and exploit misconfigured security levels. The vulnerability stems from improper validation of user permissions before executing sensitive operations, potentially enabling unauthorized access to restricted plugin functionality or data.
Technical ContextAI
The Crocoblock JetTabs plugin (CPE: wp:crocoblock:jettabs) is a WordPress extension for creating tabbed content interfaces. The vulnerability is classified as CWE-862 (Missing Authorization), indicating the application fails to verify whether a user has appropriate permissions before granting access to protected resources or operations. WordPress plugins operate within the wp-admin and frontend environments where access control should be enforced via capability checks (e.g., current_user_can()) and nonce verification. The absence of these checks allows attackers to directly invoke restricted functionality regardless of their role or authentication status.
Affected ProductsAI
Crocoblock JetTabs WordPress plugin versions 2.2.12 and earlier (CPE: wp:crocoblock:jettabs). The vulnerability affects all installations within this version range running on WordPress environments. Details and advisory information are available from the Patchstack vulnerability database at https://patchstack.com/database/Wordpress/Plugin/jet-tabs/vulnerability/wordpress-jettabs-plugin-2-2-12-broken-access-control-vulnerability?_s_id=cve.
RemediationAI
Upgrade the Crocoblock JetTabs plugin to a version newer than 2.2.12 immediately. Consult the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/jet-tabs/vulnerability/wordpress-jettabs-plugin-2-2-12-broken-access-control-vulnerability for the exact patched version number and download link. If an immediate upgrade is not possible, temporarily disable the JetTabs plugin until patched. Additionally, review WordPress user roles and capabilities to ensure only trusted administrators have access to sensitive plugin features, and regularly audit access logs for unauthorized API calls or admin action attempts targeting JetTabs functionality.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today