GHSA-m9qg-5xmj-j7ggMediumCVSS 4.3
The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce...
🔗 CVE IDs covered (1)
📋 Description
The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts.