WordPress Plugin Vulnerabilities

Restaurant Menu < 2.3.1 - Unauthorised AJAX Calls

Description

The plugin does not have authorisation and CSRF checks in some AJAX actions, allowing any authenticated users, such as subscriber to call them and perform unauthorised actions such as update the plugin's settings

Affects Plugins

Plugin icon
menu-ordering-reservations
Fixed in 2.3.1

References

CVE
CVE-2022-2696

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.3 (medium)

Miscellaneous

Original Researcher
ptsfence
Verified
No
WPVDB ID
2f2a10c5-8687-4af4-8985-502691226e9f

Timeline

Publicly Published
2022-10-31 (about 3 years ago)
Added
2022-10-31 (about 3 years ago)
Last Updated
2022-10-31 (about 3 years ago)

Other

Published
Title
Published
2026-02-08
Title
Textmetrics < 3.6.5 - Missing Authorization
Published
2021-10-05
Title
Perfect Survey < 1.5.2 - Unauthorised AJAX Call to Stored XSS / Survey Settings Update
Published
2026-03-16
Title
TotalPoll for Polls and Contests <= 4.12.0 - Authenticated (Contributor+) Remote Code Execution
Published
2026-02-14
Title
Payment Plugins for PayPal WooCommerce < 2.0.14 - Missing Authorization
Published
2025-07-07
Title
LoginWP - Pro < 4.0.8.6 - Missing Authorization