Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-0555
HistoryJan 27, 2023 - 9:15 p.m.

Authorization

2023-01-2721:15:00
PRIOn knowledge base
www.prio-n.com
2
wordpress
authorization bypass
vulnerability
ajax actions
arbitrary post deletion/alteration
menu management

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.9%

JSON

The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those actions intended for administrator use. Actions include menu item creation, update and deletion and other menu management functions. Since the plugin does not verify that a post ID passed to one of its AJAX actions belongs to a menu item, this can lead to arbitrary post deletion/alteration.

CPENameOperatorVersion
quick_restaurant_menult2.1.0

Related

cvelist 1
cve 1
nvd 1
wpvulndb 1
wordfence 1
zdt 1
cvelist
cvelist
CVE-2023-0555
2023-01-27 20:31:13
cve
cve
CVE-2023-0555
2023-01-27 21:15:12
nvd
nvd
CVE-2023-0555
2023-01-27 21:15:12
wpvulndb
wpvulndb
Quick Restaurant Menu < 2.1.0 - Subscriber+ Arbitrary Post Deletion/Updating
2023-01-27 00:00:00
wordfence
wordfence
Multiple Vulnerabilities Patched in Quick Restaurant Menu Plugin
2023-02-01 16:07:08
zdt
zdt
WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization Vulnerabilities
2023-02-03 00:00:00

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.9%

JSON
Related for PRION:CVE-2023-0555
cvelist1cve1nvd1wpvulndb1wordfence1zdt1