CVE-2022-4385

CVSS V2 None CVSS V3 None
Description
The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order
Overview
  • CVE ID
  • CVE-2022-4385
  • Assigner
  • contact@wpscan.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-02-21T09:15:10
  • Last Modified Date
  • 2023-02-28T02:23:47
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:intuitive_custom_post_order_project:intuitive_custom_post_order:*:*:*:*:*:wordpress:*:* 1 OR 3.1.4
References
Reference URL Reference Tags
https://wpscan.com/vulnerability/8f900d37-6eee-4434-8b9b-d10cc4a9167c Exploit Third Party Advisory
History
Created Old Value New Value Data Type Notes
2023-04-17 08:01:06 Added to TrackCVE
2023-04-17 08:01:08 Weakness Enumeration new