CVE-2023-5340

Published: Nov 20, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog.

Affected (1)

Products: Fivestarplugins: Five Star Restaurant Menu

Fivestarplugins

1 product

Five Star Restaurant Menu

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fivestarplugins Five Star Restaurant Menu	Before 2.4.11

Related CWEs

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (2)

https://wpscan.com/vulnerability/91a5847a-62e7-4b98-a554-5eecb6a06e5b

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/91a5847a-62e7-4b98-a554-5eecb6a06e5b

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.