WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation, 90d75c4c6d236cccbf5ce896d3bbbcb54c29f2f7

CVE, Research URL: 90d75c4c6d236cccbf5ce896d3bbbcb54c29f2f7
Home page URL: Security reports for WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Application: WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
Published on: Aug 06, 2022
Research Description: WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce [wp-cafe] < 2.2.23 WPCafe – Food Menu, WooCommerce Food Ordering, Food Delivery, Pickup and Restaurant Reservation <= 2.1.4 - Cross-Site Scripting The WPCafe – Food Menu, WooCommerce Food Ordering, Food Delivery, Pickup and Restaurant Reservation plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including 2.1.4 due to insufficient input sanitization and output escaping on the wpc_location_id parameter. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions: Min -, max 2.2.23.
Status: vulnerable

WPCafe &#8211; Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation, 90d75c4c6d236cccbf5ce896d3bbbcb54c29f2f7