Lucene search
+L

30 matches found

attackerkb
attackerkb
added 6 days ago7 views

CVE-2026-11818

The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...

5.4CVSS5.9AI score0.00251EPSS
Exploits0References11
cvelist
cvelist
added 6 days ago32 views

CVE-2026-11818 WPCafe <= 3.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via REST API

The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...

5.4CVSS0.00251EPSS
Exploits0References10
patchstack
patchstack
added last week5 views

WordPress WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin <= 3.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Modification vulnerability discovered by Sushi Com Abacate in WordPress Plugin WPCafe versions = 3.0.14...

5.4CVSS5.9AI score0.00251EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/06/26 2:53 p.m.34 views

CVE-2026-57622 WordPress WPCafe plugin <= 3.0.14 - Broken Access Control vulnerability

Subscriber Broken Access Control in WPCafe = 3.0.14 versions...

4.3CVSS0.00259EPSS
Exploits0References1
cve
cve
added 2026/03/25 4:14 p.m.11 views

CVE-2026-27071

CVE-2026-27071 is a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin WPCafe (wp-cafe) by Arraytics, affecting versions up to 3.0.7. The issue enables exploitation of incorrectly configured access control. CVSS v3.1 base score 9.1 (critical); vector: NETWORK, PR:...

9.1CVSS5.8AI score0.00302EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/03/25 4:14 p.m.2 views

CVE-2026-27071 WordPress WPCafe plugin <= 3.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through = 3.0.7...

5.8AI score0.00302EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-46653

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00593EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-17580

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.00436EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-46649

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00321EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/05/23 8:28 a.m.3 views

CVE-2024-5427

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and outp...

6.4CVSS5AI score0.00321EPSS
Exploits0References1
patchstack
patchstack
added 2025/04/17 9:20 a.m.11 views

WordPress WPCafe plugin <= 2.2.32 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin WPCafe versions = 2.2.32...

7.5CVSS8.4AI score0.00686EPSS
Exploits0Affected Software1
redhatcve
redhatcve
added 2025/02/05 6:30 a.m.10 views

CVE-2024-5431

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservationextrafield shortcode parameter. This makes it possible for authenticated...

8.8CVSS6.9AI score0.00593EPSS
Exploits0References1
cvelist
cvelist
added 2024/12/09 11:30 a.m.16 views

CVE-2023-47805 WordPress WPCafe plugin <= 2.2.22 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through = 2.2.22...

5.3CVSS0.0049EPSS
Exploits0References1
patchstack
patchstack
added 2024/08/07 10:36 a.m.5 views

WordPress WPCafe plugin <= 2.2.28 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin WPCafe versions = 2.2.28...

8.8CVSS7AI score0.00525EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2024/07/05 12:0 a.m.19 views

WordPress WPCafe Plugin <= 2.2.27 is vulnerable to Local File Inclusion

Software WPCafe Type Plugin Vulnerable versions = 2.2.27 Fixed in 2.2.28 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-37513 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 939a4f465f21 Credits João Pedro S Alcântara Kinorth Requir...

8.8CVSS6.6AI score0.00563EPSS
Exploits0References2Affected Software1
patchstack
patchstack
added 2024/06/25 6:33 a.m.4 views

WordPress WPCafe plugin <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode vulnerability

Authenticated Contributor+ File inclusion via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WPCafe versions = 2.2.25...

8.8CVSS7AI score0.00593EPSS
Exploits0References1Affected Software1
osv
osv
added 2024/06/25 6:15 a.m.4 views

CVE-2024-5431

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservationextrafield shortcode parameter. This makes it possible for authenticated...

8.8CVSS6.2AI score0.00593EPSS
Exploits0References2
attackerkb
attackerkb
added 2024/06/25 6:15 a.m.4 views

CVE-2024-5431

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservationextrafield shortcode parameter. This makes it possible for authenticated...

8.8CVSS6.3AI score0.00593EPSS
Exploits0References3
nvd
nvd
added 2024/06/25 6:15 a.m.31 views

CVE-2024-5431

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservationextrafield shortcode parameter. This makes it possible for authenticated...

8.8CVSS0.00593EPSS
Exploits0References2
cve
cve
added 2024/06/25 5:41 a.m.73 views

CVE-2024-5431

CVE-2024-5431 affects the WPCafe WordPress plugin for WooCommerce. The vulnerability is a Local File Inclusion via the shortcode parameter reservation_extra_field in versions up to and including 2.2.25, allowing authenticated users with Contributor level access or higher to include remote files o...

8.8CVSS8.7AI score0.00593EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder