CVE-2023-0550
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu item. This makes it possible for authenticated attackers, with subscriber-level access or higher, to modify or delete arbitrary posts.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| alejandropascual | Quick Restaurant Menu | 0 <= 2.0.2 | affected |
Weaknesses
- CWE-639: CWE-639 Authorization Bypass Through User-Controlled Key
ADP Enrichment
CVE Program Container
Additional References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/faa4fba5-cd19-4b96-aa09-07ed6d52a107
- https://plugins.trac.wordpress.org/browser/quick-restaurant-menu/tags/2.0.2/includes/admin/ajax-functions.php
- https://plugins.trac.wordpress.org/changeset/2851871/quick-restaurant-menu/trunk?contextall=1&old=2788636&old_path=%2Fquick-restaurant-menu%2Ftrunk
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/faa4fba5-cd19-4b96-aa09-07ed6d52a107?source=cve
- https://plugins.trac.wordpress.org/browser/quick-restaurant-menu/tags/2.0.2/includes/admin/ajax-functions.php
- https://plugins.trac.wordpress.org/changeset/2851871/quick-restaurant-menu/trunk?contextall=1&old=2788636&old_path=%2Fquick-restaurant-menu%2Ftrunk
- https://www.wordfence.com/blog/2023/02/multiple-vulnerabilities-patched-in-quick-restaurant-menu-plugin/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.