CVE-2023-5340

Five Star Restaurant Menu and Food Ordering < 2.4.11 - Unauthenticated PHP Object Injection

EPSS 1.2%
Vexday Risk Score
3 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS · EPSS 1.2% · KEV: no · PoC · Nuclei · Metasploit · Patch
Lifecycle
20 Nov 2023: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog.
