cleantalk
Vulnerabilities and Security Researches

Intuitive Custom Post Order, CVE-2022-4386

CVE, Research URL

CVE-2022-4386

Home page URL

Security reports for Intuitive Custom Post Order

Application

Intuitive Custom Post Order

Published on
Feb 21, 2023
Research Description
The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack
Affected versions
max 3.1.4.
Status
vulnerable
Previous vulnerability researches
Intuitive Custom Post Order (CVE-2023-1016) , Jun 06, 2024
Intuitive Custom Post Order (380e8535297417013cf4c7f69aeac18c10b8284b) , Jun 06, 2024
Intuitive Custom Post Order (CVE-2022-4385) , Jun 06, 2024
Intuitive Custom Post Order (CVE-2022-4386) , Jun 06, 2024
Intuitive Custom Post Order (fb854943a69160d6e51117be558eee05e1b4c200) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar – Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026