Security Advisory

CVE-2022-4386

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-02-21 08:51:02

Last updated 2025-03-12 15:24:27

Assigner WPScan

State PUBLISHED

Description

The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack

← Browse all CVEs View on cve.org ↗