CVE-2026-27071 WordPress WPCafe plugin <= 3.0.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPCafe: from n/a through <= 3.0.7...
CVE-2026-27071
CVE-2026-27071 is a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin WPCafe (wp-cafe) by Arraytics, affecting versions up to 3.0.7. The issue enables exploitation of incorrectly configured access control. CVSS v3.1 base score 9.1 (critical); vector: NETWORK, PR:...
EUVD-2024-17580
Malicious code in bioql PyPI...
EUVD-2024-46653
Malicious code in bioql PyPI...
EUVD-2024-46649
Malicious code in bioql PyPI...
CVE-2024-5427
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and outp...
WordPress WPCafe plugin <= 2.2.32 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by theviper17 (Patchstack Alliance) in WordPress Plugin WPCafe versions <= 2.2.32...
CVE-2024-5431
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservation_extra_field shortcode parameter. This makes it possible for authenticated...
CVE-2023-47805 WordPress WPCafe plugin <= 2.2.22 - Broken Access Control vulnerability
Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPCafe: from n/a through <= 2.2.22...
WordPress WPCafe plugin <= 2.2.28 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin WPCafe versions <= 2.2.28...
WordPress WPCafe Plugin <= 2.2.27 is vulnerable to Local File Inclusion
Software: WPCafe; Type: Plugin; Vulnerable versions: <= 2.2.27; Fixed in: 2.2.28; OWASP Top 10: A1: Broken Access Control; Classification: Local File Inclusion; CVE: CVE-2024-37513; Patch priority: Low; CVSS severity: Low 8.5; Developer: Claim ownership; PSID: 939a4f465f21; Credits: João Pedro S Alcântara Kinorth; Requir...
WordPress WPCafe plugin <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode vulnerability
Authenticated (Contributor+) File inclusion via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WPCafe versions <= 2.2.25...
CVE-2024-5431
CVE-2024-5431 affects the WPCafe WordPress plugin for WooCommerce. The vulnerability is a Local File Inclusion via the shortcode parameter reservation_extra_field in versions up to and including 2.2.25, allowing authenticated users with Contributor level access or higher to include remote files o...
WordPress WPCafe Plugin <= 2.2.25 is vulnerable to Local File Inclusion
Software: WPCafe; Type: Plugin; Vulnerable versions: <= 2.2.25; Fixed in: 2.2.26; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-5431; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: e886268b6378; Credits: Krzysztof Zając; Required privilege: Contributor...
WordPress WPCafe plugin <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WPCafe versions <= 2.2.24...
PT-2024-36150 · WordPress · Wpcafe
Name of the Vulnerable Software and Affected Versions: WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress versions up to, and including, 2.2.24 Description: The issue arises from insufficient input sanitization and output escaping on...