CSRF Vulnerability in Intuitive Custom Post Order WordPress Plugin

CVE-2022-4386 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order AJAX action, allowing an attacker to trick any user into changing the menu order via a CSRF attack.
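As an added illustration (not the plugin's own code or its actual patch), this is how a WordPress AJAX handler for the `update-menu-order` action can be protected with a nonce and a capability check. The function names, the nonce action string, the `nonce` and `order` request fields, the `post[]` payload layout and the required capability are all assumptions.

```php
<?php
// Added example: hypothetical names throughout, not taken from the plugin.
const EXAMPLE_NONCE_ACTION = 'example_update_menu_order';

// The admin page that renders the sortable list calls this and hands the
// value to its script, which sends it back in the "nonce" field.
function example_order_nonce() {
    return wp_create_nonce( EXAMPLE_NONCE_ACTION );
}

// WordPress routes admin-ajax.php?action=update-menu-order to this hook
// for logged-in users.
add_action( 'wp_ajax_update-menu-order', 'example_update_menu_order' );

function example_update_menu_order() {
    // CSRF check: a forged cross-site request carries the victim's cookies
    // but cannot know the nonce, so this call ends the request with a 403.
    check_ajax_referer( EXAMPLE_NONCE_ACTION, 'nonce' );

    // Authorization is a separate question from CSRF: the nonce proves the
    // request came from our page, not that the user may reorder posts.
    // (The capability chosen here is an assumption.)
    if ( ! current_user_can( 'edit_others_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Assumed payload: a serialized list such as "post[]=12&post[]=7".
    $raw = isset( $_POST['order'] ) ? wp_unslash( $_POST['order'] ) : '';
    parse_str( $raw, $data );
    $ids = ( isset( $data['post'] ) && is_array( $data['post'] ) )
        ? array_map( 'absint', $data['post'] )
        : array();

    global $wpdb;
    foreach ( array_values( $ids ) as $position => $id ) {
        if ( $id > 0 ) {
            // Typed placeholders keep the update parameterized.
            $wpdb->update(
                $wpdb->posts,
                array( 'menu_order' => $position ),
                array( 'ID' => $id ),
                array( '%d' ),
                array( '%d' )
            );
        }
    }
    wp_send_json_success();
}
```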
