cvedb.io
CVE-2022-2696
MEDIUM · CVSS 6.3
EPSS exploitation probability: 0%
Published 2022-11-03T17:15:27.033 · Last modified 2026-06-17T04:42:24.030

Summary

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attackers with minimal permissions to perform a wide variety of actions such as modifying the plugin's settings and modifying the ordering system preferences.

Affected products

oracle — restaurant_menu_-_food_ordering_system_-_table_reservation

Does this affect you?

Add your gear to cvedb and we'll alert you only when oracle ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.