Lucene search
K

4 matches found

0day.today
0day.today
added 2023/02/03 12:0 a.m.312 views

WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization Vulnerabilities

On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to missing authorization, insecure direct object reference,...

7.6CVSS5.5AI score0.0065EPSS
Exploits1
Wordfence Blog
Wordfence Blog
added 2023/02/01 4:7 p.m.38 views

Multiple Vulnerabilities Patched in Quick Restaurant Menu Plugin

On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to Missing Authorization, Insecure Direct Object Reference,...

0.3AI score0.0065EPSS
Exploits1
Patchstack
Patchstack
added 2023/01/30 12:0 a.m.17 views

WordPress Quick Restaurant Menu Plugin <= 2.0.2 is vulnerable to Broken Access Control

Software Quick Restaurant Menu Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0555 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 7bcc03da4182 Credits Marco Wotschka Ivan...

7.6CVSS6.4AI score0.00602EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/01/27 8:31 p.m.59 views

CVE-2023-0555

CVE-2023-0555 affects the WordPress plugin Quick Restaurant Menu (versions ≤ 2.0.2). The vulnerability is an authorization bypass in AJAX actions due to a missing capability check, allowing authenticated users with subscriber rights and above to invoke administrator‑level functions such as creati...

8.1CVSS5.2AI score0.00602EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder