Multiple vulnerabilities were found in the Quick Restaurant Menu WordPress plugin, as disclosed by the Wordfence Threat Intelligence team to the WordPress Plugin Security Team. The vulnerabilities affect all versions up to and including 2.0.2.
Quick Restaurant Menu is a WordPress plugin with 62 thousand installs that allows users to set up restaurant menus on their sites.
In a nutshell, the vulnerabilities in these versions are:
- Missing Authorization (CVE-2023-0555)
- Insecure Direct Object Reference (CVE-2023-0550)
- Cross-Site Request Forgery and Cross-Site Scripting (CVE-2023-0554)
As of this posting, the plugin is closed for downloads, so it is recommended to manually download the patched version (2.1.0), or to uninstall the plugin completely until it is available once again.
With the Missing Authorization vulnerability, the plugin is susceptible to “authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those actions intended for administrator use. Actions include menu item creation, update and deletion and other menu management functions. Since the plugin does not verify that a post ID passed to one of its AJAX actions belongs to a menu item, this can lead to arbitrary post deletion/alteration” according to the report.
With the Insecure Direct Object Reference vulnerability, the plugin is susceptible to “Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu item. This makes it possible for authenticated attackers, with subscriber-level access or higher, to modify or delete arbitrary posts” according to the report.
With the Cross-Site Request Forgery vulnerability, the plugin is susceptible to “Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged request granted they can trick a site administrator into performing an action such as clicking on a link” according to the report.
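For plugin developers, the three missing checks described above map onto three guards in a WordPress AJAX handler. The sketch below is an added example, not code from Quick Restaurant Menu or its patch; the action name, nonce action, request field names, post type and the choice of capability are hypothetical placeholders.

```php
<?php
// Added illustration: hypothetical handler, not Quick Restaurant Menu's code.
// The action name, nonce action and post type below are assumed placeholders.
const EXAMPLE_MENU_POST_TYPE = 'example_menu_item';
const EXAMPLE_NONCE_ACTION   = 'example_menu_item_delete';

// Only wp_ajax_ is registered (no wp_ajax_nopriv_), so a login is required.
// A login alone is not authorization: subscribers reach this hook too.
add_action( 'wp_ajax_example_delete_menu_item', 'example_delete_menu_item' );

function example_delete_menu_item() {
	// 1. CSRF: reject requests without a valid nonce for this action.
	if ( ! check_ajax_referer( EXAMPLE_NONCE_ACTION, 'nonce', false ) ) {
		wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
	}

	$post_id = isset( $_POST['post_id'] ) ? absint( wp_unslash( $_POST['post_id'] ) ) : 0;
	if ( 0 === $post_id ) {
		wp_send_json_error( array( 'message' => 'Missing post ID.' ), 400 );
	}

	// 2. IDOR: the ID must refer to a menu item, not an arbitrary post or page.
	if ( EXAMPLE_MENU_POST_TYPE !== get_post_type( $post_id ) ) {
		wp_send_json_error( array( 'message' => 'Not a menu item.' ), 400 );
	}

	// 3. Missing authorization: the caller must be allowed to delete this post.
	//    (Assumed capability; a plugin may require a stricter one.)
	if ( ! current_user_can( 'delete_post', $post_id ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
	}

	if ( ! wp_delete_post( $post_id, true ) ) {
		wp_send_json_error( array( 'message' => 'Delete failed.' ), 500 );
	}
	wp_send_json_success( array( 'deleted' => $post_id ) );
}
```

Each `wp_send_json_error()` call ends the request, so a failed guard never reaches `wp_delete_post()`.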
For more details about the vulnerabilities in Quick Restaurant Menu WordPress plugin, please check out the referenced links to the full reports below.