3948 matches found
CVE-2023-0550
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu...
Design/Logic Flaw
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu...
Cross-site request forgery (CSRF)
The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged reque...
Authorization
The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those...
Cross-site scripting
The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2023-0555 Quick Restaurant Menu <= 2.0.2 - Missing Authorization
The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those...
CVE-2023-0555
CVE-2023-0555 affects the WordPress plugin Quick Restaurant Menu (versions ≤ 2.0.2). The vulnerability is an authorization bypass in AJAX actions due to a missing capability check, allowing authenticated users with subscriber rights and above to invoke administrator‑level functions such as creati...
CVE-2023-0555 Quick Restaurant Menu <= 2.0.2 - Missing Authorization
The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those...
CVE-2023-0554 Quick Restaurant Menu <= 2.0.2 - Cross-Site Request Forgery
The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged reque...
CVE-2023-0554
The Quick Restaurant Menu WordPress plugin (versions
CVE-2023-0553 Quick Restaurant Menu <= 2.0.2 - Authenticated (Administrator+) Cross-Site Scripting
The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2023-0553
The CVE-2023-0553 issue affects the WordPress plugin Quick Restaurant Menu (
CVE-2023-0550 Quick Restaurant Menu <= 2.0.2 - Insecure Direct Object Reference
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu...
CVE-2023-0550
The CVE-2023-0550 entry concerns the Quick Restaurant Menu WordPress plugin (versions
Quick Restaurant Menu < 2.1.0 - Menu Items Update via CSRF
The plugin does not have CSRF checks when updating its menu items, which could allow attackers to make logged in admins update menu items via a CSRF attack...
WordPress plugin Quick Restaurant Menu Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress plugin Quick Restaurant Menu Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Quick Restaurant Menu Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress plugin Quick Restaurant Menu Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2023-16358 · WordPress · Quick Restaurant Menu
Name of the Vulnerable Software and Affected Versions: Quick Restaurant Menu plugin for WordPress versions up to and including 2.0.2
Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on AJAX actions. This allows unauthenticated attackers ...