CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

21 Oct 2024 — Missing Authorization vulnerability in PriceListo Best Restaurant Menu by PriceListo. This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.2. The Best Restaurant Menu by PriceListo plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a few functions like 'delete_group' in versions up to, and including, 1.4.2. This makes it possible for authenticated attackers, with contributor-level access and above, to perform actions they should not be author... • https://patchstack.com/database/wordpress/plugin/best-restaurant-menu-by-pricelisto/vulnerability/wordpress-great-restaurant-menu-wp-plugin-1-4-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

22 Jul 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PriceListo Best Restaurant Menu by PriceListo allows SQL Injection. This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.1. The Best Restaurant Menu by PriceListo plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.1 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ... • https://github.com/ret2desync/CVE-2024-38793-PoC • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in PriceListo Best Restaurant Menu by PriceListo. This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.3.1. The Best Restaurant Menu by PriceListo plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is... • https://patchstack.com/database/vulnerability/best-restaurant-menu-by-pricelisto/wordpress-best-restaurant-menu-by-pricelisto-plugin-1-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)