Intuitive Custom Post Order Project Intuitive Custom Post Order — known CVE vulnerabilities
Every CVE whose affected-product data names Intuitive Custom Post Order Project Intuitive Custom Post Order, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2022-4385 — CVSS 4.3 (medium): The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action…
CVE-2022-4386 — CVSS 4.3 (medium): The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an…