WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.3.6 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-32516

7.1HIGH

Key Information:

Vendor: WordPress
Status: Restaurant Menu – Food Ordering System – Table Reservation
Vendor: CVE Published:; 24 August 2023

Summary

A reflected cross-site scripting vulnerability exists in the GloriaFood Restaurant Menu plugin for WordPress, affecting versions up to 2.3.6. This flaw allows attackers to inject malicious scripts that can execute in the context of a user's browser. Exploitation of this vulnerability may lead to unauthorized actions or data theft, compromising the integrity and security of the website.

Affected Version(s)

Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.6

References

https://patchstack.com/database/vulnerability/menu-orderi...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 24, 2023
Vulnerability Reserved
May 9, 2023

Credit

Le Ngoc Anh (Patchstack Alliance)