cleantalk
Vulnerabilities and Security Researches

Restaurant & Cafe Addon for Elementor, 5bceb74e-6c16-4b62-9194-429edde484bc

CVE, Research URL

5bceb74e-6c16-4b62-9194-429edde484bc

Home page URL

Security reports for Restaurant & Cafe Addon for Elementor

Application

Restaurant & Cafe Addon for Elementor

Published on
-
Research Description
Restaurant &amp; Cafe Addon for Elementor [restaurant-cafe-addon-for-elementor] < 1.5.3 Restaurant &amp; Cafe Addon for Elementor &lt; 1.5.3 - Missing Authorization The plugin is vulnerable to unauthorized modification of data due to missing capability checks on the rcafe_bw_settings_save_func(), rctl_bw_toggle_submit_func(), rcafe_uw_settings_save_func(), and rctl_uw_toggle_submit_func() functions all hooked via nopriv AJAX actions in all versions up to, and including, 1.5.2. This makes it possible for unauthenticated attackers to modify the plugin&#039;s settings.
Affected versions
max 1.5.3.
Status
vulnerable
Previous vulnerability researches
My auctions allegro (CVE-2025-27009) , Apr 16, 2025
My auctions allegro (CVE-2024-11707) , Dec 06, 2024
My auctions allegro (CVE-2025-68567) , Jan 10, 2026
My auctions allegro (CVE-2025-68566) , Jan 10, 2026
My auctions allegro (CVE-2025-12851) , Dec 10, 2025
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026