6 matches found
CVE-2023-47805
CVE-2023-47805: WordPress WPCafe plugin
CVE-2024-1855
CVE-2024-1855 affects the WPCafe – Online Food Ordering, Restaurant Menu, Delivery and Reservations plugin for WordPress. The vulnerability is a Server-Side Request Forgery (SSRF) in all versions up to 2.2.23, exploitable via the wpc_check_for_submission function. This allows unauthenticated attackers t...
CVE-2024-5431
CVE-2024-5431 affects the WPCafe WordPress plugin for WooCommerce. The vulnerability is a Local File Inclusion via the shortcode parameter reservation_extra_field in versions up to and including 2.2.25, allowing authenticated users with Contributor level access or higher to include remote files o...
CVE-2024-37513
CVE-2024-37513 affects Themewinter WPCafe (WordPress plugin), versions up to 2.2.27. The root cause is improper limitation of a pathname to a restricted directory, enabling a Path Traversal vulnerability. This could potentially allow an attacker to access restricted fil...
CVE-2024-5427
The CVE-2024-5427 entry concerns the WPCafe plugin for WordPress, with a Stored Cross-Site Scripting (XSS) flaw in the Reservation Form shortcode present in versions up to and including 2.2.24. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enab...
CVE-2024-43135
CVE-2024-43135 is a path traversal vulnerability in Themewinter WPCafe (WordPress plugin) that allows PHP local file inclusion. Affected versions are WPCafe up to 2.2.28; the issue stems from improper limitation of a pathname to a restricted directory. The vulnerability is rated high for impact, ...