27 Jan 2023
Vulnérabilité CVE-2023-0555 CVE Vulnerability
The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those actions intended for administrator use. Actions include menu item creation, update and deletion and other menu management functions. Since the plugin does not verify that a post ID passed to one of its AJAX actions belongs to a menu item, this can lead to arbitrary post deletion/alteration. (CVSS:0.0) (Last Update:2023-01-27)
Vulnerability Details : The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those actions intended for administrator use. Actions include menu item creation, update and deletion and other menu management functions. Since the plugin does not verify that a post ID passed to one of its AJAX actions belongs to a menu item, this can lead to arbitrary post deletion/alteration. Publish Date : 2023-01-27 Last Update Date : 2023-01-27 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2023-0555
- References For CVE-2023-0555 | |||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2023-0555There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |