30 matches found
WordPress WPCafe Plugin <= 2.2.25 is vulnerable to Local File Inclusion
Software WPCafe Type Plugin Vulnerable versions = 2.2.25 Fixed in 2.2.26 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-5431 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e886268b6378 Credits Krzysztof Zając Required privilege Contributor...
CVE-2024-5427
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and outp...
WordPress WPCafe plugin <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Reservation Form Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WPCafe versions = 2.2.24...
PT-2024-36150 · WordPress · Wpcafe
Name of the Vulnerable Software and Affected Versions: WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress versions up to, and including, 2.2.24 Description: The issue arises from insufficient input sanitization and output escaping on...
CVE-2024-1855 WPCafe <= 2.2.23 - Unauthenticated Blind Server-Side Request Forgery
The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpccheckforsubmission function. This makes it possible for unauthenticated...
WordPress WPCafe Plugin <= 2.2.23 is vulnerable to Server Side Request Forgery (SSRF)
Software WPCafe Type Plugin Vulnerable versions = 2.2.23 Fixed in 2.2.24 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-1855 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID ae70d23ac201 Credits Lucio Sá Required privilege...
WordPress plugin WPCafe 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-18365 · WordPress · Wpcafe – Restaurant Menu
Name of the Vulnerable Software and Affected Versions: WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress versions up to, and including, 2.2.23 Description: The issue allows unauthenticated attackers to make web requests to...
WPCafe < 2.2.23 - Missing Authorization
Description The plugin is vulnerable to unauthorized access, modification, or loss of data due to a missing capability check on an unknown function, allowing unauthenticated attackers to make use of the unprotected functionality...
WordPress WPCafe Plugin <= 2.2.22 is vulnerable to Broken Access Control
Software WPCafe Type Plugin Vulnerable versions = 2.2.22 Fixed in 2.2.23 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47805 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID b94e1d5fde71 Credits Abdi Pranata Required privileg...