Wpcafe Security Vulnerabilities and Issues — Wpcafe CVE List

Lucene search

ThemewinterWpcafe

8 matches found

CVE•added 2024/12/09 1:15 p.m.•76 views

CVE-2023-47805

Missing Authorization vulnerability in Themewinter WPCafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through 2.2.22.

9.8CVSS5.3AI score0.00274EPSS

CVE•added 2024/05/23 2:15 a.m.•63 views

CVE-2024-1855

The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpc_check_for_submission function. This makes it possible for unauthenticated...

5.3CVSS5.7AI score0.00471EPSS

CVE•added 2024/07/09 1:15 p.m.•46 views

CVE-2024-37513

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal.This issue affects WPCafe: from n/a through 2.2.27.

8.8CVSS8.6AI score0.00495EPSS

CVE•added 2024/05/31 7:15 a.m.•45 views

CVE-2024-5427

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and output...

6.4CVSS5.9AI score0.0026EPSS

CVE•added 2024/06/25 6:15 a.m.•45 views

CVE-2024-5431

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservation_extra_field shortcode parameter. This makes it possible for authenticated attack...

8.8CVSS8.7AI score0.01304EPSS

CVE•added 2025/04/17 4:15 p.m.•43 views

CVE-2025-39452

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion. This issue affects WPCafe: from n/a through 2.2.32.

7.5CVSS7.7AI score0.0017EPSS

CVE•added 2025/03/27 11:15 a.m.•42 views

CVE-2025-30829

7.5CVSS7.2AI score0.0017EPSS

CVE•added 2024/08/13 11:15 a.m.•40 views

CVE-2024-43135

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through 2.2.28.

8.8CVSS6.9AI score0.0044EPSS