WPCafe – Restaurant Menu, Online Food Ordering and Reservation Booking Solution < 3.0.8 – Missing Authorization | CVE 2026-27071 | Plugin Vulnerabilities

Description

The WPCafe – Restaurant Menu, Online Food Ordering and Reservation Booking Solution plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.0.7. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Fixed in 3.0.8

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/3779cf95-9dfd-492b-b3a2-68dce3bb342d

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

daroo

Verified

No

WPVDB ID

876b7dc8-125f-46ae-b3af-1bbe7692ce14

Timeline

Publicly Published

2026-03-12 (about 2 months ago)

Added

2026-03-19 (about 2 months ago)

Last Updated

2026-04-14 (about 1 month ago)

Other

Published

Title

Published

2023-09-04

Title

WiserNotify Social Proof < 2.6 - Missing Authorization

Published

2025-12-31

Title

Add Custom Codes < 5.0 - Missing Authorization

Published

2025-12-31

Title

QuadLayers TikTok Feed <= 4.6.4 - Missing Authorization

Published

2025-12-10

Title

Comparimager for Elementor <= 1.0.1 - Missing Authorization

Published

2025-09-26

Title

HivePress Claim Listings <= 1.1.3 - Missing Authorization