exploitDog

GHSA-7cff-8p7q-7558

Опубликовано: 21 фев. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

The Intuitive Custom Post Order WordPress plugin through 3.1.3 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack

The Intuitive Custom Post Order WordPress plugin through 3.1.3 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack

Ссылки

EPSS

Процентиль: 27%

0.00097

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2022-4386

CVSS3: 4.3

nvd

почти 3 года назад

The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack

EPSS

Процентиль: 27%

0.00097

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352