Restaurant Menu Table Reservation Plugin Auth Bypass <=2.3.0 (AJAX)
CVE-2022-2696 Published on November 3, 2022

The Restaurant Menu Food Ordering System Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to and including 2.3.0, due to missing capability checks and missing nonce validation. This makes it possible for authenticated attackers with minimal permissions to perform a wide variety of actions, such as modifying the plugin's settings and modifying the ordering system preferences.

NVD

Timeline

Vendor Notified

Disclosed 84 days later.


Products Associated with CVE-2022-2696


Affected Versions

gloriafood Restaurant Menu – Food Ordering System – Table Reservation:

Exploit Probability

EPSS: 0.20%
Percentile: 41.26%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.