30 matches found
CVE-2026-11818
The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...
CVE-2026-11818 WPCafe <= 3.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via REST API
The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...
WordPress WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin <= 3.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Modification vulnerability discovered by Sushi Com Abacate in WordPress Plugin WPCafe versions = 3.0.14...
CVE-2026-57622 WordPress WPCafe plugin <= 3.0.14 - Broken Access Control vulnerability
Subscriber Broken Access Control in WPCafe = 3.0.14 versions...
CVE-2026-27071 WordPress WPCafe plugin <= 3.0.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through = 3.0.7...
CVE-2026-27071
CVE-2026-27071 is a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin WPCafe (wp-cafe) by Arraytics, affecting versions up to 3.0.7. The issue enables exploitation of incorrectly configured access control. CVSS v3.1 base score 9.1 (critical); vector: NETWORK, PR:...
EUVD-2024-46653
Malicious code in bioql PyPI...
EUVD-2024-17580
Malicious code in bioql PyPI...
EUVD-2024-46649
Malicious code in bioql PyPI...
CVE-2024-5427
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and outp...
WordPress WPCafe plugin <= 2.2.32 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin WPCafe versions = 2.2.32...
CVE-2024-5431
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservationextrafield shortcode parameter. This makes it possible for authenticated...
CVE-2023-47805 WordPress WPCafe plugin <= 2.2.22 - Broken Access Control vulnerability
Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through = 2.2.22...
WordPress WPCafe plugin <= 2.2.28 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin WPCafe versions = 2.2.28...
WordPress WPCafe Plugin <= 2.2.27 is vulnerable to Local File Inclusion
Software WPCafe Type Plugin Vulnerable versions = 2.2.27 Fixed in 2.2.28 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-37513 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 939a4f465f21 Credits João Pedro S Alcântara Kinorth Requir...
WordPress WPCafe plugin <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode vulnerability
Authenticated Contributor+ File inclusion via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WPCafe versions = 2.2.25...
CVE-2024-5431
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservationextrafield shortcode parameter. This makes it possible for authenticated...
CVE-2024-5431
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservationextrafield shortcode parameter. This makes it possible for authenticated...
CVE-2024-5431
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservationextrafield shortcode parameter. This makes it possible for authenticated...
CVE-2024-5431
CVE-2024-5431 affects the WPCafe WordPress plugin for WooCommerce. The vulnerability is a Local File Inclusion via the shortcode parameter reservation_extra_field in versions up to and including 2.2.25, allowing authenticated users with Contributor level access or higher to include remote files o...