CVE-2022-4386 - Unspecified vulnerability in Intuitive Custom Post Order Project Intuitive Custom Post Order

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE

Summary

The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order AJAX action, allowing an attacker to trick any user into changing the menu order via a CSRF attack.

Vulnerable Configurations

Part         Description                          Count
Application  Intuitive_Custom_Post_Order_Project  1