Vulnerabilities > CVE-2022-4385 - Unspecified vulnerability in Intuitive Custom Post Order Project Intuitive Custom Post Order

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
intuitive-custom-post-order-project
NVD
Published: 2023-02-21
Updated: 2023-11-07

Summary

The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order

Vulnerable Configurations

Part Description Count
Application
Intuitive_Custom_Post_Order_Project
1

References