cleantalk
Vulnerabilities and Security Researches

Restaurant & Cafe Addon for Elementor, f3d59459193c15db9b30cf501e6999ea8588d35f

CVE, Research URL

f3d59459193c15db9b30cf501e6999ea8588d35f

Home page URL

Security reports for Restaurant & Cafe Addon for Elementor

Application

Restaurant & Cafe Addon for Elementor

Published on
Nov 14, 2023
Research Description
Restaurant &amp; Cafe Addon for Elementor [restaurant-cafe-addon-for-elementor] < 1.5.3 Restaurant & Cafe Addon for Elementor <= 1.5.2 - Missing Authorization The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the rcafe_bw_settings_save_func(), rctl_bw_toggle_submit_func(), rcafe_uw_settings_save_func(), and rctl_uw_toggle_submit_func() functions all hooked via nopriv AJAX actions in all versions up to, and including, 1.5.2. This makes it possible for unauthenticated attackers to modify the plugin's settings.
Affected versions
max 1.5.3.
Status
vulnerable
Previous vulnerability researches
My auctions allegro (CVE-2025-27009) , Apr 16, 2025
My auctions allegro (CVE-2024-11707) , Dec 06, 2024
My auctions allegro (CVE-2025-68567) , Jan 10, 2026
My auctions allegro (CVE-2025-68566) , Jan 10, 2026
My auctions allegro (CVE-2025-12851) , Dec 10, 2025
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026