Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-0550
HistoryJan 27, 2023 - 9:15 p.m.

Design/Logic Flaw

2023-01-2721:15:00
PRIOn knowledge base
www.prio-n.com
6
wordpress
quick restaurant menu
insecure direct object reference
vulnerability
authentication
arbitrary posts

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.2%

JSON

The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu item. This makes it possible for authenticated attackers, with subscriber-level access or higher, to modify or delete arbitrary posts.

CPENameOperatorVersion
quick_restaurant_menult2.1.0

Related

cve 1
cvelist 1
nvd 1
wpvulndb 1
zdt 1
wordfence 1
cve
cve
CVE-2023-0550
2023-01-27 21:15:11
cvelist
cvelist
CVE-2023-0550
2023-01-27 20:17:19
nvd
nvd
CVE-2023-0550
2023-01-27 21:15:11
wpvulndb
wpvulndb
Quick Restaurant Menu < 2.1.0 - Subscriber+ Arbitrary Post Deletion/Updating
2023-01-27 00:00:00
zdt
zdt
WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization Vulnerabilities
2023-02-03 00:00:00
wordfence
wordfence
Multiple Vulnerabilities Patched in Quick Restaurant Menu Plugin
2023-02-01 16:07:08

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.2%

JSON
Related for PRION:CVE-2023-0550
cve1cvelist1nvd1wpvulndb1zdt1wordfence1