cleantalk
Vulnerabilities and Security Researches

Intuitive Custom Post Order, fb854943a69160d6e51117be558eee05e1b4c200

CVE, Research URL

fb854943a69160d6e51117be558eee05e1b4c200

Home page URL

Security reports for Intuitive Custom Post Order

Application

Intuitive Custom Post Order

Published on
-
Research Description
Intuitive Custom Post Order [intuitive-custom-post-order] <= 3.1.3 (unfixed) Intuitive Custom Post Order &lt;= 3.1.3 - Missing Authorization to Authenticated Settings Change The Intuitive Custom Post Order plugin for WordPress is vulnerable to authenticated settings change in versions up to and including 3.1.3 via the &#039;update-menu-order-tags&#039; AJAX action. This allows authenticated attackers with subscriber privileges or above, to change the order of tags in the tags menu.
Affected versions
max 3.1.3.
Status
vulnerable
Previous vulnerability researches
Intuitive Custom Post Order (CVE-2023-1016) , Jun 06, 2024
Intuitive Custom Post Order (380e8535297417013cf4c7f69aeac18c10b8284b) , Jun 06, 2024
Intuitive Custom Post Order (CVE-2022-4385) , Jun 06, 2024
Intuitive Custom Post Order (CVE-2022-4386) , Jun 06, 2024
Intuitive Custom Post Order (fb854943a69160d6e51117be558eee05e1b4c200) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026