Vulnerability Details CVE-2022-4385
The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.0%
CVSS Severity
CVSS v3 Score 4.3
References
Products affected by CVE-2022-4385
-
cpe:2.3:a:intuitive_custom_post_order_project:intuitive_custom_post_order:*