Lucene search

WPScanCVELIST:CVE-2023-5340

HistoryNov 20, 2023 - 6:55 p.m.

CVE-2023-5340 Five Star Restaurant Menu and Food Ordering < 2.4.11 - Unauthenticated PHP Object Injection

2023-11-2018:55:01

WPScan

www.cve.org

five star restaurant

menu and food ordering

wordpress

unauthenticated

php object injection

ajax action

unserialized user input

gadget

cve-2023-5340

AI Score

9.9

Confidence

High

EPSS

0.002

Percentile

52.5%

JSON

The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Five Star Restaurant Menu and Food Ordering",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.4.11"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/91a5847a-62e7-4b98-a554-5eecb6a06e5b