CVE Vulnerabilities

CVE-2022-4386

Published: Feb 21, 2023 | Modified: Nov 07, 2023

CVSS 3.x

4.3

MEDIUM

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-4386
CWE	https://cwe.mitre.org/data/definitions/.html

The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack

Affected Software

Name	Vendor	Start Version	End Version
Intuitive_custom_post_order	Intuitive_custom_post_order_project	*	3.1.4 (excluding)

References

https://wpscan.com/vulnerability/734064e3-afe9-4dfd-8d76-8a757cc94815

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.