Lucene search

[email protected]NVD:CVE-2023-5340

HistoryNov 20, 2023 - 7:15 p.m.

CVE-2023-5340

2023-11-2019:15:09

CWE-74

[email protected]

web.nvd.nist.gov

cve-2023-5340

five star restaurant menu

food ordering

wordpress plugin

ajax action

unauthenticated users

php object injection

gadget

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.5%

JSON

The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog.

Affected configurations

Nvd

Node

fivestarpluginsfive_star_restaurant_menuRange<2.4.11wordpress

VendorProductVersionCPE
fivestarpluginsfive_star_restaurant_menu*cpe:2.3:a:fivestarplugins:five_star_restaurant_menu:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
fivestarplugins	five_star_restaurant_menu	*	cpe:2.3:a:fivestarplugins:five_star_restaurant_menu::::::wordpress::*

References

wpscan.com/vulnerability/91a5847a-62e7-4b98-a554-5eecb6a06e5b

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.5%

JSON

Related for NVD:CVE-2023-5340

prion1 wpexploit1 wpvulndb1 cvelist1 cve1