F4 Post Tree
1 CVEs
product
Monthly
The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts.
WordPress
CSRF
F4 Post Tree
NVD
WPScan
VulDB
CVSS 3.1
4.3
EPSS
0.1%
EPSS 0%
CVSS 4.3
MEDIUM
POC
PATCH
This Month
The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts.
WordPress
CSRF
F4 Post Tree
NVD
WPScan
VulDB