Vulnerabilities and security research for restropress
Jun 07, 2024
RestroPress – Online Food Ordering System # CVE-2024-32449
- CVE, Research URL
- Application
- Date
- Apr 15, 2024
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in MagniGenie RestroPress. This issue affects RestroPress: from n/a through 3.1.2.
- Affected versions
- max 3.1.2.1.
- Status
- vulnerable
RestroPress – Online Food Ordering System # 560c5605ffa94863864f778c4d9c59b784a36d53
- CVE, Research URL
- Application
- Date
- Jul 19, 2021
- Research Description
- RestroPress – Online Food Ordering System [restropress] < 2.8.3.1. RestroPress <= 2.8.2 - Cross-Site Request Forgery to Cart Manipulation. The RestroPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.2. This is due to missing nonce validation on various AJAX actions. This makes it possible for unauthenticated attackers to modify the contents of other users' carts via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions
- max 2.8.3.1.
- Status
- vulnerable
Jun 10, 2024
RestroPress – Online Food Ordering System # CVE-2024-35719
- CVE, Research URL
- Application
- Date
- Jun 08, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagniGenie RestroPress allows Stored XSS. This issue affects RestroPress: from n/a through 3.1.2.1.
- Affected versions
- max 3.1.2.2.
- Status
- vulnerable
Apr 04, 2025
RestroPress – Online Food Ordering System # CVE-2025-31877
- CVE, Research URL
- Application
- Date
- Apr 01, 2025
- Research Description
- Missing Authorization vulnerability in Magnigenie RestroPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RestroPress: from n/a through 3.1.8.4.
- Affected versions
- max 3.1.8.4.
- Status
- vulnerable
Apr 14, 2025
RestroPress – Online Food Ordering System # CVE-2025-32553
- CVE, Research URL
- Application
- Date
- Apr 11, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress allows Reflected XSS. This issue affects RestroPress: from n/a through 3.1.8.4.
- Affected versions
- max 3.1.8.4.
- Status
- vulnerable
Nov 11, 2025
RestroPress – Online Food Ordering System # CVE-2023-53613
- CVE, Research URL
- Application
- Date
- Oct 04, 2025
- Research Description
- In the Linux kernel, the following vulnerability has been resolved: dax: Fix dax_mapping_release() use after free A CONFIG_DEBUG_KOBJECT_RELEASE test of removing a device-dax region provider (like modprobe -r dax_hmem) yields: kobject: 'mapping0' (ffff93eb460e8800): kobject_release, parent 0000000000000000 (delayed 2000) [..] DEBUG_LOCKS_WARN_ON(1) WARNING: CPU: 23 PID: 282 at kernel/locking/lockdep.c:232 __lock_acquire+0x9fc/0x2260 [..] RIP: 0010:__lock_acquire+0x9fc/0x2260 [..] Call Trace: <TASK> [..] lock_acquire+0xd4/0x2c0 ? ida_free+0x62/0x130 _raw_spin_lock_irqsave+0x47/0x70 ? ida_free+0x62/0x130 ida_free+0x62/0x130 dax_mapping_release+0x1f/0x30 device_release+0x36/0x90 kobject_delayed_cleanup+0x46/0x150 Due to attempting ida_free() on an ida object that has already been freed. Devices typically only hold a reference on their parent while registered. If a child needs a parent object to complete its release it needs to hold a reference that it drops from its release callback. Arrange for a dax_mapping to pin its parent dev_dax instance until dax_mapping_release().
- Affected versions
- max 3.0.0.
- Status
- vulnerable