cleantalk
Vulnerabilities and Security Researches

Online Ordering System For Restaurants & Local Retail by Orderable, CVE-2026-0974

CVE, Research URL

CVE-2026-0974

Home page URL

Security reports for Online Ordering System For Restaurants & Local Retail by Orderable

Application

Online Ordering System For Restaurants & Local Retail by Orderable

Published on
Feb 19, 2026
Research Description
The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the 'install_plugin' function in all versions up to, and including, 1.20.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins, which can lead to Remote Code Execution.
Affected versions
max 1.20.0.
Status
vulnerable
Previous vulnerability researches
Social Link Groups (CVE-2024-49619) , Oct 22, 2024
Featured Posts with Multiple Custom Groups (FPMCG) (CVE-2024-48031) , Oct 13, 2024
Featured Posts with Multiple Custom Groups (FPMCG) (CVE-2024-48032) , Oct 13, 2024
RDP inGroups+ (CVE-2025-23546) , Mar 22, 2025
Payment Gateway Groups for WooCommerce (8e7d6f5fc355d02dfe8d709340a3643188c7e5a6) , Jun 07, 2024
New vulnerability
Sphere Manager (CVE-2026-1905) , Apr 16, 2026
WP Plugin Info Card (CVE-2026-2023) , Apr 16, 2026
TalkJS (CVE-2026-1055) , Apr 16, 2026
News Element Elementor Blog Magazine (CVE-2026-2284) , Apr 16, 2026
WPNakama – Fast and Simple Project Management Tool (CVE-2026-2495) , Apr 16, 2026