6 matches found
CVE-2023-5340
The CVE-2023-5340 affects the Five Star Restaurant Menu and Food Ordering WordPress plugin prior to version 2.4.11. The issue is unauthenticated deserialization via an AJAX action, enabling PHP Object Injection when a suitable gadget is present on the blog. Remediation: upgrade to version 2.4.11 ...
CVE-2024-5459
CVE-2024-5459 affects the Restaurant Menu and Food Ordering plugin for WordPress. All versions up to 2.4.16 are vulnerable due to missing capability checks on add_section, add_menu, add_menu_item, and add_menu_page, enabling authenticated users with Subscriber-level access and above to create men...
CVE-2020-29045
The CVE-2020-29045 entry concerns the WordPress plugin food-and-drink-menu (versions up to 2.2.0). The vulnerability stems from an unserialize operation on the fdm_cart cookie in load_cart_from_cookie within includes/class-cart-manager.php, allowing remote attackers to execute arbitrary code. Sev...
CVE-2024-24838
CVE-2024-24838 is a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Five Star Restaurant Reviews (Five Star Plugins) affecting versions up to 2.3.5. The root cause is improper neutralization of input during web page generation, enabling an attacker with Contributor+ privil...
CVE-2023-34017
CVE-2023-34017 affects the WordPress plugin Five Star Restaurant Reservations (
CVE-2023-37985
Technical details beyond the Initial Description are not provided in the connected documents. CVE-2023-37985 is described as a CSRF vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin