2024-11-26
Platform: WordPress Restaurant Menu – Food Ordering System Plugin
Version: Up to and including 2.4.2
Vulnerability: Reflected Cross-Site Scripting (XSS)
Severity: Medium (CVSS v3: 6.1)
Date: November 20, 2024 (NVD Published Date)
What Undercode Says:
This blog post highlights a vulnerability (CVE-2024-9653) in the Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress. The issue stems from insufficient input sanitization and output escaping of the ‘action’ request parameter: its value is reflected into the page, so an unauthenticated attacker can craft a link that injects arbitrary web script. Because the flaw is reflected rather than stored, the script only executes in the browser of a user who is tricked into opening the crafted link or performing a similar action.
Here are the key takeaways:
The vulnerability affects all versions of the plugin up to and including 2.4.2.
It allows attackers to inject arbitrary web scripts.
Unauthenticated attackers can exploit this vulnerability.
The severity is rated as Medium (CVSS v3: 6.1).
Recommendations:
Update the Restaurant Menu – Food Ordering System – Table Reservation plugin to the latest version as soon as possible.
Implement the standard XSS defences in plugin code: validate the ‘action’ parameter against the values the handler actually expects (input validation), and escape it for the HTML context it is written into (output encoding).
Be cautious when clicking on links or performing actions on websites, especially those you don’t trust.
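The following PHP is an added illustration written for this post; it is not the plugin's own code and is not taken from the advisory. It shows the reflected-XSS pattern described above (a request parameter echoed straight back into HTML) next to a hardened handler that applies both recommendations: allow-list validation of the ‘action’ value and HTML escaping on output. The function names, the allow-list values and the sample request are hypothetical and constructed for the example; plain-PHP functions are used so it runs from the command line, with the WordPress equivalents named in comments.

```php
<?php
// Added example, not the plugin's code. Demonstrates the vulnerable reflection
// pattern and a hardened version of the same handler. Handler names, the
// allow-list and the sample request are constructed for illustration.

/**
 * Vulnerable pattern: the raw request parameter is written into the HTML
 * response without validation or escaping, so whatever arrives in
 * ?action=... is reflected verbatim into the page.
 */
function render_action_vulnerable(array $request): string
{
    $action = $request['action'] ?? '';
    return '<div class="rm-status">Current action: ' . $action . '</div>';
}

/** Hypothetical set of actions the handler actually implements. */
const ALLOWED_ACTIONS = ['view_menu', 'add_to_cart', 'reserve_table'];

/**
 * Hardened pattern, two independent layers:
 *  1. Input validation: normalise the value and accept only allow-listed
 *     actions (WordPress: sanitize_key() followed by an in_array() check).
 *  2. Output encoding: escape for the HTML context it is written into
 *     (WordPress: esc_html() for text nodes, esc_attr() for attributes).
 */
function render_action_hardened(array $request): string
{
    $raw = (string) ($request['action'] ?? '');

    // Normalise the way sanitize_key() does: lowercase, keep only [a-z0-9_-].
    $key = strtolower(preg_replace('/[^a-z0-9_\-]/i', '', $raw));

    // Reject anything outside the allow-list instead of reflecting it.
    // A rejected value is worth logging server-side as a possible probe.
    if (!in_array($key, ALLOWED_ACTIONS, true)) {
        $key = 'view_menu';
    }

    // Escape on output regardless: defence in depth if the allow-list grows.
    $safe = htmlspecialchars($key, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div class="rm-status">Current action: ' . $safe . '</div>';
}

// Constructed sample request: markup in the parameter, as a crafted link
// would deliver it (an inert tag is enough to show the reflection).
$sample = ['action' => '<b>not-an-action</b>'];

echo render_action_vulnerable($sample), PHP_EOL; // markup reflected unchanged
echo render_action_hardened($sample), PHP_EOL;   // falls back to 'view_menu'
```

Running the script prints the vulnerable output with the injected tag intact and the hardened output showing only the safe default. Validation alone would be enough for this handler, but escaping on output is kept as well because the two controls fail independently: a future change that widens the allow-list does not reopen the injection.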
References:
Reported By: Nvd.nist.gov