cleantalk
Vulnerabilities and Security Researches

Intuitive Custom Post Order, CVE-2022-4385

CVE, Research URL

CVE-2022-4385

Home page URL

Security reports for Intuitive Custom Post Order

Application

Intuitive Custom Post Order

Published on
Feb 21, 2023
Research Description
The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order
Affected versions
max 3.1.4.
Status
vulnerable
Previous vulnerability researches
Intuitive Custom Post Order (CVE-2023-1016) , Jun 06, 2024
Intuitive Custom Post Order (380e8535297417013cf4c7f69aeac18c10b8284b) , Jun 06, 2024
Intuitive Custom Post Order (CVE-2022-4385) , Jun 06, 2024
Intuitive Custom Post Order (CVE-2022-4386) , Jun 06, 2024
Intuitive Custom Post Order (fb854943a69160d6e51117be558eee05e1b4c200) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar – Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026