Intuitive Custom Post Order
intuitive_custom_post_order
Vendor: Intuitive Custom Post Order Project • 2 CVEs
CVEs (2)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Intuitive Custom Post Order Project 1Intuitive Custom Post Order Jun 17, 2026 Feb 21, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack |
1Intuitive Custom Post Order Project 1Intuitive Custom Post Order Jun 17, 2026 Feb 21, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order |