Authorization Bypass in Restaurant Menu – Food Ordering System Plugin for WordPress
CVE-2022-2696

6.3MEDIUM

Key Information:

Vendor

WordPress
Status
Restaurant Menu – Food Ordering System – Table Reservation
Vendor
CVE Published:
3 November 2022

What is CVE-2022-2696?

The Restaurant Menu – Food Ordering System plugin for WordPress suffers from an authorization bypass vulnerability. This issue arises from the absence of necessary capability checks and nonce validation across several AJAX actions. As a result, authenticated users with limited permissions can exploit this flaw to execute unauthorized actions, including altering plugin settings and adjusting the ordering system preferences. Users of versions up to and including 2.3.0 should take immediate steps to update to the latest version to mitigate these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Restaurant Menu – Food Ordering System – Table Reservation * <= 2.3.0

References

https://plugins.trac.wordpress.org/browser/menu-ordering-...
https://plugins.trac.wordpress.org/changeset?sfp_email=&s...
https://www.wordfence.com/vulnerability-advisories-contin...

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ptsfence
JSON
.