cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-1016,https://securityvulnerability.io/vulnerability/CVE-2023-1016,SQL Injection Vulnerability in Intuitive Custom Post Order Plugin for WordPress,"The Intuitive Custom Post Order plugin for WordPress has a vulnerability that allows authenticated attackers with administrator permissions to exploit SQL Injection. The flaw is due to inadequate escaping of user-supplied parameters, specifically 'objects' and 'tags', in conjunction with insufficiently prepared queries in the 'update_options' and 'refresh' functions. This exploitation can allow attackers to append malicious SQL queries, potentially revealing sensitive information stored in the database. This vulnerability poses a significant risk, especially in environments where characteristics like character sets can lead to query manipulation.",Wordpress,Intuitive Custom Post Order,6.6,MEDIUM,0.001069999998435378,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2022-4386,https://securityvulnerability.io/vulnerability/CVE-2022-4386,Intuitive Custom Post Order < 3.1.4 - Arbitrary Menu Order Update via CSRF,"The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack",Wordpress,Intuitive Custom Post Order,4.3,MEDIUM,0.0006200000061653554,false,,false,false,false,,false,false,2023-02-21T08:51:02.973Z,0
CVE-2022-4385,https://securityvulnerability.io/vulnerability/CVE-2022-4385,Intuitive Custom Post Order < 3.1.4 - Subscriber+ Arbitrary Menu Order Update,"The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order",Wordpress,Intuitive Custom Post Order,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-02-21T08:50:40.508Z,0