CVE-2022-4385 - Unspecified vulnerability in Intuitive Custom Post Order Project Intuitive Custom Post Order

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE

Summary

The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order AJAX action, allowing any logged-in user (with roles as low as Subscriber) to update the menu order.

Vulnerable Configurations

Part: Application
Description: Intuitive_Custom_Post_Order_Project
Count: 1