EUVD-2022-51735

Malicious code in bioql PyPI...

EUVD-2022-51734

Malicious code in bioql PyPI...

CVE-2022-4385

The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user with roles as low as Subscriber to update the menu order...

WordPress Intuitive Custom Post Order Plugin < 3.1.4 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:intuitivecustompostorderproject:intuitivecustompostorder";...

WordPress Intuitive Custom Post Order Plugin < 3.1.5 SQLi Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:intuitivecustompostorderproject:intuitivecustompostorder";...

CVE-2023-1016

The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.3, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'updateoptions' function as well as the 'refresh...

CVE-2023-1016 Intuitive Custom Post Order <= 3.1.4.1 - Authenticated (Admin+) SQL Injection

The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.4.1, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'updateoptions' function as well as the...

CVE-2023-1016

CVE-2023-1016 affects the WordPress plugin “Intuitive Custom Post Order” (versions up to 3.1.3;; and up to 3.1.4.x per PatchStack) with a SQL Injection due to insufficient escaping of user-supplied parameters (objects, tags) and inadequate preparation in the update_options and refresh functions. ...

WordPress plugin Intuitive Custom Post Order SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exists i...

CVE-2022-4386

The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack...

Authorization

The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user with roles as low as Subscriber to update the menu order...

CVE-2022-4386 Intuitive Custom Post Order < 3.1.4 - Arbitrary Menu Order Update via CSRF

The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack...

CVE-2022-4386

CVE-2022-4386 corresponds to a CSRF in the WordPress plugin Intuitive Custom Post Order, affecting versions up to 3.1.3. The update-menu-order AJAX action lacks CSRF protection, enabling an attacker to induce a user to change menu order. The entry notes vulnerability details and explicitly lists ...

CVE-2022-4385 Intuitive Custom Post Order < 3.1.4 - Subscriber+ Arbitrary Menu Order Update

The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user with roles as low as Subscriber to update the menu order...

CVE-2022-4385 Intuitive Custom Post Order < 3.1.4 - Subscriber+ Arbitrary Menu Order Update

The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user with roles as low as Subscriber to update the menu order...

CVE-2022-4385

Summary: The WordPress plugin Intuitive Custom Post Order (

WordPress Plugin Intuitive Custom Post Order 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

WordPress Intuitive Custom Post Order Plugin <= 3.1.4.1 is vulnerable to SQL Injection

Software Intuitive Custom Post Order Type Plugin Vulnerable versions = 3.1.4.1 Fixed in 3.1.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-1016 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID bd23d6b4e595 Credits Wordfence Required privilege...

Intuitive Custom Post Order < 3.1.4 - Subscriber+ Arbitrary Menu Order Update

The plugin does not check for authorization in the update-menu-order ajax action, allowing any logged in user with roles as low as Subscriber to update the menu order Open the below HTML while being logged in as a subscriber...

WordPress Intuitive Custom Post Order Plugin <= 3.1.3 is vulnerable to Broken Access Control

Software Intuitive Custom Post Order Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.1.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4385 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 582d2859794c Credits Yuya Kotake...