PT-2023-16691 · WordPress · Intuitive Custom Post Order

Published: 2023-06-09 · Updated: 2023-06-15 · CVE-2023-1016

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Intuitive Custom Post Order plugin for WordPress, versions up to and including 3.1.3

Description
The issue arises from insufficient escaping of the user-supplied objects and tags parameters, combined with a lack of sufficient preparation (parameter binding) in the update options function and in the refresh function, which runs queries on the same values. This allows authenticated attackers with administrator permissions to append additional SQL queries to existing queries, potentially extracting sensitive information from the database. The attack's practicality may be limited to configurations where addslashes can be bypassed because the database uses a nonstandard character set, such as GBK.

Recommendations
For versions up to and including 3.1.3, consider disabling the update options and refresh functions until a patch is available, to prevent exploitation. Additionally, restrict access to the objects and tags parameters to minimize the risk of SQL injection attacks.
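To make the root cause concrete, the following is an added illustration written for this advisory, not code from the Intuitive Custom Post Order plugin. It assumes WordPress's global $wpdb and a hypothetical handler (icpo_update_order_*) that receives a list of post IDs from the objects parameter; the tags parameter would be handled identically. The first function shows the escape-then-concatenate pattern the description refers to; the second shows the preparation step the advisory says is missing.

```php
<?php
// Added example, not the plugin's own code. Assumes WordPress's global $wpdb.
// Hypothetical handler: $objects is the user-supplied "objects" parameter.

// Vulnerable pattern: escape with addslashes(), then build the query by string
// concatenation. addslashes() operates on bytes, so on a multibyte connection
// charset such as GBK a crafted byte sequence can absorb the inserted
// backslash and a quote character survives into the SQL text. Escaping is
// also the wrong tool here: these values should only ever be integers.
function icpo_update_order_vulnerable( array $objects ) {
    global $wpdb;
    $list = addslashes( implode( ',', $objects ) );
    $sql  = "SELECT ID FROM {$wpdb->posts} WHERE ID IN ({$list})";
    return $wpdb->get_col( $sql ); // user-controlled text reaches the database as query syntax
}

// Hardened form: coerce every element to the type the query needs, drop
// anything that does not survive the coercion, and bind the remaining values
// through $wpdb->prepare() so data can never become query syntax, regardless
// of connection charset.
function icpo_update_order_hardened( array $objects ) {
    global $wpdb;

    $ids = array_values( array_filter(
        array_map( 'intval', $objects ),
        function ( $id ) { return $id > 0; }
    ) );
    if ( empty( $ids ) ) {
        return array();
    }

    // One %d placeholder per value; $wpdb->prepare() accepts the values as an array.
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    $sql = $wpdb->prepare(
        "SELECT ID FROM {$wpdb->posts} WHERE ID IN ({$placeholders})",
        $ids
    );
    return $wpdb->get_col( $sql );
}
```

The practical check for a reviewer is whether any value taken from the request reaches $wpdb->query(), $wpdb->get_col() or similar without passing through $wpdb->prepare() (or an equivalent type coercion such as intval). In the hardened version the query text is fixed at authoring time and the only variable part is the count of %d placeholders, which is why a character-set quirk in the escaping layer no longer matters.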

Fix

Weakness Enumeration
SQL injection

Related Identifiers
CVE-2023-1016

Affected Products
Intuitive Custom Post Order