Five Star Restaurant Menu and Food Ordering < 2.4.11 - Unauthenticated PHP Object Injection
CVE-2023-5340

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Five Star Restaurant Menu and Food Ordering
Vendor: CVE Published:; 20 November 2023

Summary

The Five Star Restaurant Menu and Food Ordering plugin for WordPress prior to version 2.4.11 has a vulnerability that allows unauthenticated users to exploit the unserialization of user input via an AJAX action. This can lead to PHP Object Injection if an appropriate gadget is present on the blog, potentially compromising the security of the application and enabling attackers to execute arbitrary PHP code within the context of the website.

Affected Version(s)

Five Star Restaurant Menu and Food Ordering 0 < 2.4.11

References

https://wpscan.com/vulnerability/91a5847a-62e7-4b98-a554-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 20, 2023
Vulnerability Reserved
Oct 2, 2023

Credit

Krzysztof Zając (CERT PL)

WPScan