Missing Authorization Vulnerability in FoodBook Lite - Online Food Ordering System for WordPress
CVE-2026-11802

5.3MEDIUM

What is CVE-2026-11802?

The FoodBook Lite - Online Food Ordering System plugin for WordPress is susceptible to a security flaw that allows unauthenticated attackers to create new user accounts with the 'customer' role. This occurs due to the absence of nonce verification and capability checks in the registration function. Moreover, the plugin ignores the WordPress users_can_register option, permitting unauthorized account creation and the issuance of authentication cookies, even when user registration has been disabled by the site administrator. Such vulnerabilities can lead to unauthorized access and potential misuse of the platform.

Affected Version(s)

FoodBook Lite – Online Food Ordering System 0 <= 1.5.6

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Eason
.