Restaurant & Cafe Addon for Elementor < 1.5.4 – Missing Authorization via multiple AJAX functions | CVE 2023-47826 | Plugin Vulnerabilities

Description

The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to unauthorizedmodification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to update the plugin's settings if they are able to retrieve a nonce that is only displayed on an admin page which is protected by a capability check.

Affects Plugins

restaurant-cafe-addon-for-elementor

Fixed in 1.5.4

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/ad003d57-a573-473e-80a9-5bf60d42a707

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Abdi Pranata

Verified

No

WPVDB ID

41b96160-fdfb-4aae-869e-871c8f7bcddc

Timeline

Publicly Published

2023-11-16 (about 2 years ago)

Added

2023-11-23 (about 2 years ago)

Last Updated

2024-01-22 (about 2 years ago)

Other

Published

Title

Published

2025-02-03

Title

Embed RSS <= 3.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

Published

2022-12-05

Title

Health Check & Troubleshooting < 1.2.4 - Missing Authorization Checks

Published

2026-02-02

Title

Booktics < 1.0.17 - Missing Authorization

Published

2026-03-20

Title

New User Approve < 3.2.4 - Missing Authorization

Published

2026-03-23

Title

User Verification by PickPlugins < 2.0.46 - Missing Authorization