Restaurant Menu - Food Ordering System - Table Reservation Security Vulnerabilities - January
The Restaurant Menu β Food Ordering System β Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attackers...
6.5CVSS
6.1AI Score
0.001EPSS
The Restaurant Menu β Food Ordering System β Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as forms_action, set_option...
8.8CVSS
8.4AI Score
0.002EPSS
The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
5.4CVSS
5.3AI Score
0.001EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFood Restaurant Menu β Food Ordering System β Table Reservation plugin <= 2.3.6 versions.
7.1CVSS
5.9AI Score
0.001EPSS
The Restaurant Menu β Food Ordering System β Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
6.4CVSS
5.7AI Score
0.0004EPSS