4 matches found
WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization Vulnerabilities
On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to missing authorization, insecure direct object reference,...
Multiple Vulnerabilities Patched in Quick Restaurant Menu Plugin
On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to Missing Authorization, Insecure Direct Object Reference,...
WordPress Quick Restaurant Menu Plugin <= 2.0.2 is vulnerable to Broken Access Control
Software Quick Restaurant Menu Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0555 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 7bcc03da4182 Credits Marco Wotschka Ivan...
CVE-2023-0555
CVE-2023-0555 affects the WordPress plugin Quick Restaurant Menu (versions ≤ 2.0.2). The vulnerability is an authorization bypass in AJAX actions due to a missing capability check, allowing authenticated users with subscriber rights and above to invoke administrator‑level functions such as creati...