Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2023/02/21 8:51 a.m.5 views

CVE-2022-4386 Intuitive Custom Post Order < 3.1.4 - Arbitrary Menu Order Update via CSRF

The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack...

4.5AI score0.00267EPSS
Exploits2References1
CVE
CVE
added 2023/02/21 8:51 a.m.61 views

CVE-2022-4386

CVE-2022-4386 corresponds to a CSRF in the WordPress plugin Intuitive Custom Post Order, affecting versions up to 3.1.3. The update-menu-order AJAX action lacks CSRF protection, enabling an attacker to induce a user to change menu order. The entry notes vulnerability details and explicitly lists ...

4.3CVSS4.4AI score0.00267EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/02/21 8:51 a.m.38 views

CVE-2022-4386 Intuitive Custom Post Order < 3.1.4 - Arbitrary Menu Order Update via CSRF

The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack...

5.8AI score0.00267EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/01/24 12:0 a.m.16 views

WordPress Intuitive Custom Post Order Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Intuitive Custom Post Order Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.1.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4386 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0dbc550b69a3 Credits Yuya...

4.3CVSS6.6AI score0.00267EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder