The WPCafe – Online Food Ordering, Restaurant Menu,...
High severity
Unreviewed
Published
Jun 25, 2024
to the GitHub Advisory Database
Description
Published by the National Vulnerability Database
Jun 25, 2024
Published to the GitHub Advisory Database
Jun 25, 2024
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservation_extra_field shortcode parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include remote files on the server, potentially resulting in code execution
References