Lucene search
K

47 matches found

CNNVD
CNNVD
added 2023/02/21 12:0 a.m.7 views

WordPress Plugin Intuitive Custom Post Order 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3CVSS5.1AI score0.00486EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/01/26 12:0 a.m.17 views

WordPress Intuitive Custom Post Order Plugin <= 3.1.4.1 is vulnerable to SQL Injection

Software Intuitive Custom Post Order Type Plugin Vulnerable versions = 3.1.4.1 Fixed in 3.1.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-1016 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID bd23d6b4e595 Credits Wordfence Required privilege...

7.2CVSS6.9AI score0.00971EPSS
Exploits0References3Affected Software1
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.409 views

Intuitive Custom Post Order < 3.1.4 - Arbitrary Menu Order Update via CSRF

The plugin lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack...

4.3CVSS5.1AI score0.00267EPSS
Exploits2
Patchstack
Patchstack
added 2023/01/24 12:0 a.m.16 views

WordPress Intuitive Custom Post Order Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Intuitive Custom Post Order Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.1.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4386 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0dbc550b69a3 Credits Yuya...

4.3CVSS6.6AI score0.00267EPSS
Exploits2References4Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/24 12:0 a.m.32 views

Intuitive Custom Post Order < 3.1.4 - Arbitrary Menu Order Update via CSRF

The plugin lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack PoC...

4.3CVSS4.9AI score0.00267EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/01/24 12:0 a.m.462 views

Intuitive Custom Post Order < 3.1.4 - Subscriber+ Arbitrary Menu Order Update

The plugin does not check for authorization in the update-menu-order ajax action, allowing any logged in user with roles as low as Subscriber to update the menu order Open the below HTML while being logged in as a subscriber...

4.3CVSS5.2AI score0.00486EPSS
Exploits2
Patchstack
Patchstack
added 2023/01/24 12:0 a.m.23 views

WordPress Intuitive Custom Post Order Plugin <= 3.1.3 is vulnerable to Broken Access Control

Software Intuitive Custom Post Order Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.1.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4385 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 582d2859794c Credits Yuya Kotake...

4.3CVSS6.4AI score0.00486EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder