WordPress Restaurant Menu Plugin 2.3.1 CSRF Vulnerability
CVE-2022-3776 Published on November 3, 2022
The Restaurant Menu Food Ordering System Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as forms_action, set_option, & chosen_options to name a few . This makes it possible for unauthenticated attackers to perform a variety of administrative actions like modifying forms, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Timeline
Disclosed
Products Associated with CVE-2022-3776
Want to know whenever a new CVE is published for Oracle Restaurant Menu Food Ordering System Table Reservation? stack.watch will email you.
Affected Versions
gloriafood Restaurant Menu – Food Ordering System – Table Reservation:- Version *, <= 2.3.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.