Vulnerability Details CVE-2024-1855
The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpc_check_for_submission function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.1%
CVSS Severity
CVSS v3 Score 5.3
References
- https://plugins.trac.wordpress.org/browser/wp-cafe/trunk/core/action/wpc-ajax-action.php#L76
- https://plugins.trac.wordpress.org/changeset/3084054/wp-cafe/trunk/core/action/wpc-ajax-action.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5f83c19e-1b75-4fea-b4de-f7f844a449c0?source=cve
- https://plugins.trac.wordpress.org/browser/wp-cafe/trunk/core/action/wpc-ajax-action.php#L76
- https://plugins.trac.wordpress.org/changeset/3084054/wp-cafe/trunk/core/action/wpc-ajax-action.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5f83c19e-1b75-4fea-b4de-f7f844a449c0?source=cve
Products affected by CVE-2024-1855
-
cpe:2.3:a:themewinter:wpcafe:-
-
cpe:2.3:a:themewinter:wpcafe:1.0.0
-
cpe:2.3:a:themewinter:wpcafe:1.0.1
-
cpe:2.3:a:themewinter:wpcafe:1.0.2
-
cpe:2.3:a:themewinter:wpcafe:1.0.3
-
cpe:2.3:a:themewinter:wpcafe:1.0.4
-
cpe:2.3:a:themewinter:wpcafe:1.0.5
-
cpe:2.3:a:themewinter:wpcafe:1.0.6
-
cpe:2.3:a:themewinter:wpcafe:1.0.7
-
cpe:2.3:a:themewinter:wpcafe:1.0.8
-
cpe:2.3:a:themewinter:wpcafe:1.0.9
-
cpe:2.3:a:themewinter:wpcafe:1.1.0
-
cpe:2.3:a:themewinter:wpcafe:1.1.1
-
cpe:2.3:a:themewinter:wpcafe:1.1.2
-
cpe:2.3:a:themewinter:wpcafe:1.1.3
-
cpe:2.3:a:themewinter:wpcafe:1.1.4
-
cpe:2.3:a:themewinter:wpcafe:1.1.5
-
cpe:2.3:a:themewinter:wpcafe:1.1.6
-
cpe:2.3:a:themewinter:wpcafe:1.1.7
-
cpe:2.3:a:themewinter:wpcafe:1.1.8
-
cpe:2.3:a:themewinter:wpcafe:1.1.9
-
cpe:2.3:a:themewinter:wpcafe:1.2.0
-
cpe:2.3:a:themewinter:wpcafe:1.2.1
-
cpe:2.3:a:themewinter:wpcafe:1.2.2
-
cpe:2.3:a:themewinter:wpcafe:1.2.3
-
cpe:2.3:a:themewinter:wpcafe:1.2.4
-
cpe:2.3:a:themewinter:wpcafe:1.2.5
-
cpe:2.3:a:themewinter:wpcafe:1.2.6
-
cpe:2.3:a:themewinter:wpcafe:1.2.6.1
-
cpe:2.3:a:themewinter:wpcafe:1.2.8
-
cpe:2.3:a:themewinter:wpcafe:1.2.9
-
cpe:2.3:a:themewinter:wpcafe:1.3.0
-
cpe:2.3:a:themewinter:wpcafe:1.3.1
-
cpe:2.3:a:themewinter:wpcafe:1.3.2
-
cpe:2.3:a:themewinter:wpcafe:1.3.3
-
cpe:2.3:a:themewinter:wpcafe:1.3.4
-
cpe:2.3:a:themewinter:wpcafe:1.3.5
-
cpe:2.3:a:themewinter:wpcafe:1.3.6
-
cpe:2.3:a:themewinter:wpcafe:1.3.7
-
cpe:2.3:a:themewinter:wpcafe:1.3.8
-
cpe:2.3:a:themewinter:wpcafe:1.3.9
-
cpe:2.3:a:themewinter:wpcafe:1.4.0
-
cpe:2.3:a:themewinter:wpcafe:1.4.1
-
cpe:2.3:a:themewinter:wpcafe:1.4.2
-
cpe:2.3:a:themewinter:wpcafe:1.4.3
-
cpe:2.3:a:themewinter:wpcafe:1.4.4
-
cpe:2.3:a:themewinter:wpcafe:1.4.5
-
cpe:2.3:a:themewinter:wpcafe:1.4.6
-
cpe:2.3:a:themewinter:wpcafe:1.4.7
-
cpe:2.3:a:themewinter:wpcafe:1.5.0
-
cpe:2.3:a:themewinter:wpcafe:1.5.1
-
cpe:2.3:a:themewinter:wpcafe:1.5.2
-
cpe:2.3:a:themewinter:wpcafe:1.5.3
-
cpe:2.3:a:themewinter:wpcafe:1.5.4
-
cpe:2.3:a:themewinter:wpcafe:1.5.5
-
cpe:2.3:a:themewinter:wpcafe:1.5.6
-
cpe:2.3:a:themewinter:wpcafe:1.5.7
-
cpe:2.3:a:themewinter:wpcafe:1.5.9
-
cpe:2.3:a:themewinter:wpcafe:1.6.0
-
cpe:2.3:a:themewinter:wpcafe:1.6.1
-
cpe:2.3:a:themewinter:wpcafe:1.6.2
-
cpe:2.3:a:themewinter:wpcafe:1.6.3
-
cpe:2.3:a:themewinter:wpcafe:2.1.0
-
cpe:2.3:a:themewinter:wpcafe:2.1.1
-
cpe:2.3:a:themewinter:wpcafe:2.1.2
-
cpe:2.3:a:themewinter:wpcafe:2.1.3
-
cpe:2.3:a:themewinter:wpcafe:2.1.4
-
cpe:2.3:a:themewinter:wpcafe:2.2.0
-
cpe:2.3:a:themewinter:wpcafe:2.2.1
-
cpe:2.3:a:themewinter:wpcafe:2.2.10
-
cpe:2.3:a:themewinter:wpcafe:2.2.11
-
cpe:2.3:a:themewinter:wpcafe:2.2.12
-
cpe:2.3:a:themewinter:wpcafe:2.2.13
-
cpe:2.3:a:themewinter:wpcafe:2.2.14
-
cpe:2.3:a:themewinter:wpcafe:2.2.15
-
cpe:2.3:a:themewinter:wpcafe:2.2.16
-
cpe:2.3:a:themewinter:wpcafe:2.2.17
-
cpe:2.3:a:themewinter:wpcafe:2.2.18
-
cpe:2.3:a:themewinter:wpcafe:2.2.19
-
cpe:2.3:a:themewinter:wpcafe:2.2.2
-
cpe:2.3:a:themewinter:wpcafe:2.2.20
-
cpe:2.3:a:themewinter:wpcafe:2.2.21
-
cpe:2.3:a:themewinter:wpcafe:2.2.22
-
cpe:2.3:a:themewinter:wpcafe:2.2.23
-
cpe:2.3:a:themewinter:wpcafe:2.2.3
-
cpe:2.3:a:themewinter:wpcafe:2.2.4
-
cpe:2.3:a:themewinter:wpcafe:2.2.5
-
cpe:2.3:a:themewinter:wpcafe:2.2.6
-
cpe:2.3:a:themewinter:wpcafe:2.2.7
-
cpe:2.3:a:themewinter:wpcafe:2.2.8
-
cpe:2.3:a:themewinter:wpcafe:2.2.9