Food Ordering System Vulnerable to Reflected Cross-Site Scripting
CVE-2024-9653

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Restaurant Menu – Food Ordering System – Table Reservation
Vendor: CVE Published:; 20 November 2024

What is CVE-2024-9653?

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is prone to a reflected cross-site scripting vulnerability. This issue arises from insufficient input sanitization and output escaping for the 'action' parameter. Attackers can exploit this vulnerability to inject arbitrary web scripts into web pages. If users are tricked into clicking on a compromised link, the injected scripts can execute within their browsers, potentially leading to unauthorized access or data exposure. To mitigate risks, it is crucial for users to apply the latest security patches and validate their plugin versions.

Affected Version(s)

Restaurant Menu – Food Ordering System – Table Reservation * <= 2.4.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2024
Vulnerability Reserved
Oct 8, 2024

Credit

Dale Mavers