31 matches found
EUVD-2023-12595
Malicious code in bioql PyPI...
CVE-2023-0555
The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those...
CVE-2023-0553
The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Multiple Vulnerabilities Patched in Quick Restaurant Menu Plugin
On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to Missing Authorization, Insecure Direct Object Reference,...
WordPress Quick Restaurant Menu Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)
Software Quick Restaurant Menu Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0553 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 407875987b88 Credits Marco Wotschka Iva...
WordPress Quick Restaurant Menu Plugin <= 2.0.2 is vulnerable to Broken Access Control
Software Quick Restaurant Menu Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0555 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 7bcc03da4182 Credits Marco Wotschka Ivan...
WordPress Quick Restaurant Menu Plugin <= 2.0.2 is vulnerable to Insecure Direct Object References (IDOR)
Software Quick Restaurant Menu Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-0550 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID 53344b864cc7 Credits Marco...
WordPress Quick Restaurant Menu Plugin <= 2.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Quick Restaurant Menu Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0554 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID c79ea8bd00a5 Credits Marco Wotschka...
CVE-2023-0550
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu...
CVE-2023-0553
The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2023-0554
The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged reque...
CVE-2023-0550
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu...
CVE-2023-0554
The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged reque...
CVE-2023-0553
The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2023-0550
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu...
CVE-2023-0553
The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2023-0554
The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged reque...
Design/Logic Flaw
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu...
Cross site scripting
The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2023-0555
CVE-2023-0555 affects the WordPress plugin Quick Restaurant Menu (versions ≤ 2.0.2). The vulnerability is an authorization bypass in AJAX actions due to a missing capability check, allowing authenticated users with subscriber rights and above to invoke administrator‑level functions such as creati...