Home > Vulnerability Database > CVE-2023-0555

Mend.io Vulnerability Database

CVE-2023-0555

Good to know:

Date: January 27, 2023

The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those actions intended for administrator use. Actions include menu item creation, update and deletion and other menu management functions. Since the plugin does not verify that a post ID passed to one of its AJAX actions belongs to a menu item, this can lead to arbitrary post deletion/alteration.

Language: PHP

Severity Score

5.4

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-0555

Url: https://plugins.trac.wordpress.org/changeset/2851871/quick-restaurant-menu/trunk?contextall=1&old=2788636&old_path=%2Fquick-restaurant-menu%2Ftrunk

Url: https://plugins.trac.wordpress.org/browser/quick-restaurant-menu/tags/2.0.2/includes/admin/ajax-functions.php

Url: https://www.wordfence.com/threat-intel/vulnerabilities/id/97984c7d-d6ff-480c-acfe-20ab0eb04141

Url: https://www.mend.io/vulnerability-database/CVE-2023-0555

Severity Score

5.4

Weakness Type (CWE)

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version 2.1.0

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-0555

Good to know:

Date: January 27, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?