Missing Authorization Vulnerability in FoodBook Lite - Online Food Ordering System for WordPress
CVE-2026-11802
5.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 14 July 2026
What is CVE-2026-11802?
The FoodBook Lite - Online Food Ordering System plugin for WordPress is susceptible to a security flaw that allows unauthenticated attackers to create new user accounts with the 'customer' role. This occurs due to the absence of nonce verification and capability checks in the registration function. Moreover, the plugin ignores the WordPress users_can_register option, permitting unauthorized account creation and the issuance of authentication cookies, even when user registration has been disabled by the site administrator. Such vulnerabilities can lead to unauthorized access and potential misuse of the platform.
Affected Version(s)
FoodBook Lite β Online Food Ordering System 0 <= 1.5.6