4 matches found
CVE-2022-4386 Intuitive Custom Post Order < 3.1.4 - Arbitrary Menu Order Update via CSRF
The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack...
CVE-2022-4386
CVE-2022-4386 corresponds to a CSRF in the WordPress plugin Intuitive Custom Post Order, affecting versions up to 3.1.3. The update-menu-order AJAX action lacks CSRF protection, enabling an attacker to induce a user to change menu order. The entry notes vulnerability details and explicitly lists ...
CVE-2022-4386 Intuitive Custom Post Order < 3.1.4 - Arbitrary Menu Order Update via CSRF
The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack...
WordPress Intuitive Custom Post Order Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software Intuitive Custom Post Order Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.1.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4386 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0dbc550b69a3 Credits Yuya...