Search
Search Results (3 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-11818 | 2 Arraytics, Wordpress | 2 Wpcafe – Restaurant Menu, Online Food Ordering & Table Booking System, Wordpress | 2026-07-10 | 5.4 Medium |
| The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to list, create, update, delete, clone, and bulk-delete notification flow workflows that are intended to be managed only by administrators. The only protection on these endpoints is a wp_rest nonce check, which is obtainable by any logged-in user from the frontend page source. | ||||
| CVE-2026-57622 | 2 Arraytics, Wordpress | 2 Wpcafe, Wordpress | 2026-06-26 | 4.3 Medium |
| Subscriber Broken Access Control in WPCafe <= 3.0.14 versions. | ||||
| CVE-2026-27071 | 2 Arraytics, Wordpress | 2 Wpcafe, Wordpress | 2026-04-29 | 9.1 Critical |
| Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through <= 3.0.7. | ||||
Page 1 of 1.