WordPress Plugin Vulnerabilities

Restaurant Menu < 2.3.2 - Multiple CSRF

Description

The plugin does not have proper CSRF checks in some AJAX actions, allowing any attackers to make a logged in admin perform unwanted actions via CSRF attacks

Affects Plugins

Plugin icon
menu-ordering-reservations
Fixed in 2.3.2

References

CVE
CVE-2022-3776

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.0 (medium)

Miscellaneous

Original Researcher
ptsfence
Verified
No
WPVDB ID
fc37e2ee-95c3-408b-918b-b1b52739e65e

Timeline

Publicly Published
2022-10-31 (about 3 years ago)
Added
2022-10-31 (about 3 years ago)
Last Updated
2022-10-31 (about 3 years ago)

Other

Published
Title
Published
2024-04-25
Title
Smart Maintenance Mode <= 1.5.3 - Cross-Site Request Forgery
Published
2019-05-16
Title
SAML SP SSO < 4.8.74 - Multiple Cross-Site Request Forgery (CSRF)
Published
2025-10-15
Title
NikanWP WooCommerce Reporting < 3.0.0 - Cross-Site Request Forgery
Published
2017-03-06
Title
WordPress 4.2-4.7.2 - Press This CSRF DoS
Published
2025-03-11
Title
MaxA/B <= 2.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting