Lucene search
K

94 matches found

CNNVD
CNNVD
added 2024/05/31 12:0 a.m.5 views

WordPress plugin WPCafe security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.4CVSS6AI score0.00321EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2024/05/30 12:0 a.m.18 views

WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce < 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode

Description The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input...

6.4CVSS5.8AI score0.00321EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/05/23 9:44 a.m.4 views

WordPress WPCafe plugin <= 2.2.23 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Lucio Sá in WordPress Plugin WPCafe versions = 2.2.23...

5.3CVSS7.1AI score0.00436EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/05/23 2:15 a.m.24 views

CVE-2024-1855

The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpccheckforsubmission function. This makes it possible for unauthenticated...

5.3CVSS5.7AI score0.00436EPSS
Exploits0References3
OSV
OSV
added 2024/05/23 2:15 a.m.4 views

CVE-2024-1855

The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpccheckforsubmission function. This makes it possible for unauthenticated...

5.3CVSS5.9AI score0.00436EPSS
Exploits0References3
CVE
CVE
added 2024/05/23 1:56 a.m.80 views

CVE-2024-1855

CVE-2024-1855 affects the WPCafe – Online Food Ordering, Restaurant Menu, Delivery and Reservations for WordPress. The vulnerability is a Server-Side Request Forgery (SSRF) in all versions up to 2.2.23, exploitable via the wpc_check_for_submission function. This allows unauthenticated attackers t...

5.3CVSS5.7AI score0.00436EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/23 1:56 a.m.20 views

CVE-2024-1855 WPCafe <= 2.2.23 - Unauthenticated Blind Server-Side Request Forgery

The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpccheckforsubmission function. This makes it possible for unauthenticated...

5.3CVSS7AI score0.00436EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/23 1:56 a.m.27 views

CVE-2024-1855 WPCafe <= 2.2.23 - Unauthenticated Blind Server-Side Request Forgery

The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpccheckforsubmission function. This makes it possible for unauthenticated...

5.3CVSS5.7AI score0.00436EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/23 12:0 a.m.5 views

WordPress plugin WPCafe 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.3CVSS6.6AI score0.00436EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/05/23 12:0 a.m.11 views

WordPress WPCafe Plugin <= 2.2.23 is vulnerable to Server Side Request Forgery (SSRF)

Software WPCafe Type Plugin Vulnerable versions = 2.2.23 Fixed in 2.2.24 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-1855 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID ae70d23ac201 Credits Lucio Sá Required privilege...

5.3CVSS6.9AI score0.00436EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/22 12:0 a.m.15 views

WPCafe < 2.2.24 - Unauthenticated Blind Server-Side Request Forgery

Description The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpccheckforsubmission function. This makes it possible for...

5.3CVSS6.9AI score0.00436EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/22 12:0 a.m.6 views

PT-2024-18365 · WordPress · Wpcafe – Restaurant Menu

Name of the Vulnerable Software and Affected Versions: WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress versions up to, and including, 2.2.23 Description: The issue allows unauthenticated attackers to make web requests to...

5.3CVSS7.2AI score0.00436EPSS
Exploits0References8
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.17 views

WPCafe < 2.2.23 - Missing Authorization

Description The plugin is vulnerable to unauthorized access, modification, or loss of data due to a missing capability check on an unknown function, allowing unauthenticated attackers to make use of the unprotected functionality...

9.4AI score0.0049EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/11/15 12:0 a.m.11 views

WordPress WPCafe Plugin <= 2.2.22 is vulnerable to Broken Access Control

Software WPCafe Type Plugin Vulnerable versions = 2.2.22 Fixed in 2.2.23 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47805 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID b94e1d5fde71 Credits Abdi Pranata Required privileg...

6.5AI score0.0049EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder