Vulnerabilities > CVE-2022-4386 - Unspecified vulnerability in Intuitive Custom Post Order Project Intuitive Custom Post Order

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
intuitive-custom-post-order-project
NVD
Published: 2023-02-21
Updated: 2024-11-21

Summary

The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack

Vulnerable Configurations

Part Description Count
Application
Intuitive_Custom_Post_Order_Project
1

References