Show filters
105 Total Results
Displaying 61-70 of 105
Sort by:
Attacker Value
Unknown

CVE-2023-40759

Disclosure Date: August 28, 2023 (last updated February 25, 2025)
User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
Attacker Value
Unknown

CVE-2023-32516

Disclosure Date: August 24, 2023 (last updated February 25, 2025)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFood Restaurant Menu – Food Ordering System – Table Reservation plugin <= 2.3.6 versions.
Attacker Value
Unknown

CVE-2023-34017

Disclosure Date: July 25, 2023 (last updated February 25, 2025)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FiveStarPlugins Five Star Restaurant Reservations plugin <= 2.6.7 versions.
Attacker Value
Unknown

CVE-2023-37985

Disclosure Date: July 17, 2023 (last updated February 25, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin <= 2.4.6 versions.
Attacker Value
Unknown

CVE-2023-37627

Disclosure Date: July 12, 2023 (last updated February 25, 2025)
Code-projects Online Restaurant Management System 1.0 is vulnerable to SQL Injection. Through SQL injection, an attacker can bypass the admin panel and view order records, add items, delete items etc.
Attacker Value
Unknown

CVE-2022-44739

Disclosure Date: May 22, 2023 (last updated February 25, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin <= 1.5.4 versions.
Attacker Value
Unknown

CVE-2022-4657

Disclosure Date: February 06, 2023 (last updated October 08, 2023)
The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Attacker Value
Unknown

CVE-2023-0555

Disclosure Date: January 27, 2023 (last updated October 08, 2023)
The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those actions intended for administrator use. Actions include menu item creation, update and deletion and other menu management functions. Since the plugin does not verify that a post ID passed to one of its AJAX actions belongs to a menu item, this can lead to arbitrary post deletion/alteration.
Attacker Value
Unknown

CVE-2023-0554

Disclosure Date: January 27, 2023 (last updated October 08, 2023)
The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Attacker Value
Unknown

CVE-2023-0553

Disclosure Date: January 27, 2023 (last updated February 24, 2025)
The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.