CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32516 – WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.3.6 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32516
09 May 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFood Restaurant Menu – Food Ordering System – Table Reservation plugin <= 2.3.6 versions. The Menu - Ordering - Reservations plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘redirect’ parameter in versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can su... • https://patchstack.com/database/vulnerability/menu-ordering-reservations/wordpress-restaurant-menu-food-ordering-system-table-reservation-plugin-2-3-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4657 – Restaurant Menu < 2.3.6 - Contributor+ Stored XSS via Shortcode
https://notcve.org/view.php?id=CVE-2022-4657
04 Jan 2023 — The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks The Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping on user... • https://wpscan.com/vulnerability/a90a413d-0e00-4da8-a339-d6cdfba70bb3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2696 – Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.0 - Missing Authorization on AJAX Actions
https://notcve.org/view.php?id=CVE-2022-2696
31 Oct 2022 — The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attackers with minimal permissions to perform a wide variety of actions such as modifying the plugin's settings and modifying the ordering system preferences. El complemento Restaurant Menu Food Ordering System Table Reser... • https://plugins.trac.wordpress.org/browser/menu-ordering-reservations/trunk/includes/admin/class-glf-admin-screens.php?rev=2664283 • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3776 – Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.1 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2022-3776
31 Oct 2022 — The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as forms_action, set_option, & chosen_options to name a few . This makes it possible for unauthenticated attackers to perform a variety of administrative actions like modifying forms, via a forged request granted they can trick a site admin... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2807967%40menu-ordering-reservations&new=2807967%40menu-ordering-reservations&sfp_email=&sfph_mail= • CWE-352: Cross-Site Request Forgery (CSRF) •