Vulnerabilities and security researches forwp-cafe wp-cafe

Direction: ascending

Jun 07, 2024

WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # 90d75c4c6d236cccbf5ce896d3bbbcb54c29f2f7

CVE, Research URL: 90d75c4c6d236cccbf5ce896d3bbbcb54c29f2f7
Home page URL: Security reports for WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Application: WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Date: Aug 06, 2022
Research Description: WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce [wp-cafe] < 2.2.23 WPCafe – Food Menu, WooCommerce Food Ordering, Food Delivery, Pickup and Restaurant Reservation <= 2.1.4 - Cross-Site Scripting The WPCafe – Food Menu, WooCommerce Food Ordering, Food Delivery, Pickup and Restaurant Reservation plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including 2.1.4 due to insufficient input sanitization and output escaping on the wpc_location_id parameter. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions: Min -, max -.
Status: vulnerable

WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2024-1855

CVE, Research URL: CVE-2024-1855
Home page URL: Security reports for WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Application: WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Date: May 23, 2024
Research Description: The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpc_check_for_submission function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application.
Affected versions: Min -, max -.
Status: vulnerable

WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2024-5427

CVE, Research URL: CVE-2024-5427
Home page URL: Security reports for WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Application: WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Date: May 31, 2024
Research Description: The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2023-47805

CVE, Research URL: CVE-2023-47805
Home page URL: Security reports for WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Application: WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Date: Dec 09, 2024
Research Description: Missing Authorization vulnerability in Themewinter WPCafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through 2.2.22.
Affected versions: Min -, max -.
Status: vulnerable

Jun 26, 2024

WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2024-5431

CVE, Research URL: CVE-2024-5431
Home page URL: Security reports for WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Application: WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Date: Jun 25, 2024
Research Description: The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservation_extra_field shortcode parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include remote files on the server, potentially resulting in code execution
Affected versions: Min -, max -.
Status: vulnerable

Jul 09, 2024

WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2024-37513

CVE, Research URL: CVE-2024-37513
Home page URL: Security reports for WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Application: WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Date: Jul 09, 2024
Research Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal.This issue affects WPCafe: from n/a through 2.2.27.
Affected versions: Min -, max -.
Status: vulnerable

Aug 12, 2024

WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2024-43135

CVE, Research URL: CVE-2024-43135
Home page URL: Security reports for WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Application: WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Date: Aug 13, 2024
Research Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through 2.2.28.
Affected versions: Min -, max -.
Status: vulnerable

Apr 02, 2025

WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2025-30829

CVE, Research URL: CVE-2025-30829
Home page URL: Security reports for WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Application: WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Date: Mar 27, 2025
Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion. This issue affects WPCafe: from n/a through 2.2.31.
Affected versions: Min -, max -.
Status: vulnerable

Apr 20, 2025

WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2025-39452

CVE, Research URL: CVE-2025-39452
Home page URL: Security reports for WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Application: WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Date: Apr 17, 2025
Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion. This issue affects WPCafe: from n/a through 2.2.32.
Affected versions: Min -, max -.
Status: vulnerable

Vulnerabilities and security researches forwp-cafe wp-cafe

WPCafe &#8211; Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # 90d75c4c6d236cccbf5ce896d3bbbcb54c29f2f7

WPCafe &#8211; Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2024-1855

WPCafe &#8211; Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2024-5427

WPCafe &#8211; Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2023-47805

WPCafe &#8211; Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2024-5431

WPCafe &#8211; Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2024-37513

WPCafe &#8211; Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2024-43135

WPCafe &#8211; Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2025-30829

WPCafe &#8211; Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2025-39452

WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # 90d75c4c6d236cccbf5ce896d3bbbcb54c29f2f7

WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2024-1855

WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2024-5427

WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2023-47805

WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2024-5431

WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2024-37513

WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2024-43135

WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2025-30829

WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation # CVE-2025-39452