3 matches found
CVE-2023-1016
CVE-2023-1016 affects the WordPress plugin “Intuitive Custom Post Order” (versions up to 3.1.3;; and up to 3.1.4.x per PatchStack) with a SQL Injection due to insufficient escaping of user-supplied parameters (objects, tags) and inadequate preparation in the update_options and refresh functions. ...
CVE-2023-1016 Intuitive Custom Post Order <= 3.1.4.1 - Authenticated (Admin+) SQL Injection
The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.4.1, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'updateoptions' function as well as the...
WordPress Intuitive Custom Post Order Plugin <= 3.1.4.1 is vulnerable to SQL Injection
Software Intuitive Custom Post Order Type Plugin Vulnerable versions = 3.1.4.1 Fixed in 3.1.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-1016 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID bd23d6b4e595 Credits Wordfence Required privilege...