cleantalk
Vulnerabilities and Security Researches

Restaurant & Cafe Addon for Elementor, 2bdfc5916378416a5bffbebc8d9c92fa14b0760d

CVE, Research URL

2bdfc5916378416a5bffbebc8d9c92fa14b0760d

Home page URL

Security reports for Restaurant & Cafe Addon for Elementor

Application

Restaurant & Cafe Addon for Elementor

Published on
Nov 14, 2023
Research Description
Restaurant &amp; Cafe Addon for Elementor [restaurant-cafe-addon-for-elementor] < 1.5.3 Restaurant & Cafe Addon for Elementor <= 1.5.2 - Cross-Site Request Forgery The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2. This is due to missing nonce validation on the rcafe_bw_settings_save_func(), rctl_bw_toggle_submit_func(), rcafe_uw_settings_save_func(), and rctl_uw_toggle_submit_func() functions. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.5.3.
Status
vulnerable
Previous vulnerability researches
Restaurant &amp; Cafe Addon for Elementor (a40d1fb409f1734fb45a3ca5f844329ccbca3dba) , Jun 07, 2024
Restaurant &amp; Cafe Addon for Elementor (f5d653a424dde4ca0dbeac282e49e3d8b5b7a305) , Jun 16, 2026
Restaurant &amp; Cafe Addon for Elementor (2bdfc5916378416a5bffbebc8d9c92fa14b0760d) , Jun 16, 2026
Restaurant &amp; Cafe Addon for Elementor (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
Restaurant &amp; Cafe Addon for Elementor (f3d59459193c15db9b30cf501e6999ea8588d35f) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026