cleantalk
Vulnerabilities and Security Researches

RestroPress – Online Food Ordering System, 560c5605ffa94863864f778c4d9c59b784a36d53

CVE, Research URL

560c5605ffa94863864f778c4d9c59b784a36d53

Home page URL

Security reports for RestroPress – Online Food Ordering System

Application

RestroPress – Online Food Ordering System

Published on
Jul 19, 2021
Research Description
RestroPress &#8211; Online Food Ordering System [restropress] < 2.8.3.1 RestroPress <= 2.8.2 - Cross-Site Request Forgery to Cart Manipulation The RestroPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.2. This is due to missing nonce validation on various AJAX actions. This makes it possible for unauthenticated attackers to modify the contents of other users' carts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.8.3.1.
Status
vulnerable
Previous vulnerability researches
RestroPress &#8211; Online Food Ordering System (CVE-2025-31877) , Apr 04, 2025
RestroPress &#8211; Online Food Ordering System (CVE-2025-32553) , Apr 14, 2025
RestroPress &#8211; Online Food Ordering System (CVE-2024-35719) , Jun 10, 2024
RestroPress &#8211; Online Food Ordering System (CVE-2023-53613) , Nov 11, 2025
RestroPress &#8211; Online Food Ordering System (CVE-2024-32449) , Jun 07, 2024
New vulnerability
JB News Ticker (CVE-2025-11804) , Nov 11, 2025
My auctions allegro (CVE-2025-10048) , Nov 11, 2025
Sertifier Certificates &amp; Open Badges &#8211; Tutor LMS (CVE-2025-53214) , Nov 11, 2025
Toast Mobile Menu &#8211; PageSpeed Insights Friendly (CVE-2025-53238) , Nov 11, 2025
Stripe Payment forms for WordPress Plugin – WP Full Pay (CVE-2025-9322) , Nov 11, 2025