Vulnerabilities > Oracle > Restaurant Menu Food Ordering System Table Reservation > 1.0.4

DATE CVE VULNERABILITY TITLE RISK
2023-08-24 CVE-2023-32516 Cross-site Scripting vulnerability in Oracle Restaurant Menu - Food Ordering System - Table Reservation
Unauth.
network
low complexity
oracle CWE-79
6.1
2023-02-06 CVE-2022-4657 Unspecified vulnerability in Oracle Restaurant Menu - Food Ordering System - Table Reservation
The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
network
low complexity
oracle
5.4
2022-11-03 CVE-2022-2696 Unspecified vulnerability in Oracle Restaurant Menu - Food Ordering System - Table Reservation
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation.
network
low complexity
oracle
6.5
2022-11-03 CVE-2022-3776 Unspecified vulnerability in Oracle Restaurant Menu - Food Ordering System - Table Reservation
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1.
network
low complexity
oracle
8.8