Vulnerability CVE-2022-4386
Published: 2023-02-21

Description:
The Intuitive Custom Post Order WordPress plugin through 3.1.3 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack

Type:

CWE-352

 (Cross-Site Request Forgery (CSRF))

 References:
https://wpscan.com/vulnerability/734064e3-afe9-4dfd-8d76-8a757cc94815
Copyright 2026, cxsecurity.com

 

Back to Top