First published: Mon Nov 20 2023
The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fivestarplugins Five Star Restaurant Menu | <2.4.11 |
CVE-2023-5340 is a vulnerability in the Five Star Restaurant Menu and Food Ordering WordPress plugin before version 2.4.11 that allows unauthenticated users to perform PHP Object Injection.
CVE-2023-5340 has a severity level of critical with a CVSS score of 9.8.
CVE-2023-5340 affects the Five Star Restaurant Menu and Food Ordering WordPress plugin before version 2.4.11.
The plugin unserializes user input via an AJAX action that is available to unauthenticated users, which leads to PHP Object Injection if a suitable gadget is present on the blog.
To fix CVE-2023-5340, users should update the Five Star Restaurant Menu and Food Ordering plugin to version 2.4.11 or higher.
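
A detection check for the request pattern described above, added here as an example and not taken from the plugin or the advisory: it flags requests to the WordPress AJAX endpoint whose parameters carry a serialized PHP object, in raw or base64 form. The action name `example_action`, the parameter name `data` and the request records are constructed assumptions; the page does not name the vulnerable action.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Opening token of a serialized PHP object, at the start of a value or nested
# in a serialized array, e.g. O:8:"stdClass":0:{
PHP_OBJECT = re.compile(r'(?:^|[;{])[OC]:\d+:"([A-Za-z_\\][\w\\]*)":\d+:\{')
AJAX_PATH = "/wp-admin/admin-ajax.php"  # endpoint that serves WordPress AJAX actions

def serialized_classes(value):
    """Class names of serialized PHP objects in value (raw text or valid base64)."""
    candidates = [value]
    try:
        candidates.append(base64.b64decode(value, validate=True).decode("utf-8", "replace"))
    except (binascii.Error, ValueError):
        pass  # not base64: only the raw text is inspected
    return [cls for text in candidates for cls in PHP_OBJECT.findall(text)]

def flag_ajax_requests(records):
    """Return (ip, action, parameter, classes) for each AJAX parameter carrying an object."""
    findings = []
    for rec in records:
        parts = urlsplit(rec["url"])
        if not parts.path.endswith(AJAX_PATH):
            continue
        # parse_qsl URL-decodes; actions can arrive in the query string or the body
        params = parse_qsl(parts.query) + parse_qsl(rec.get("body", ""))
        action = dict(params).get("action", "")
        for name, value in params:
            classes = serialized_classes(value)
            if classes:
                findings.append((rec["ip"], action, name, classes))
    return findings

# Constructed sample requests; "example_action" and "data" are hypothetical names,
# and stdClass is a harmless built-in class used only to exercise the pattern.
OBJ = 'a:1:{i:0;O:8:"stdClass":0:{}}'
SAMPLE = [
    {"ip": "192.0.2.10", "url": AJAX_PATH, "body": urlencode({"action": "heartbeat", "data": '{"a":1}'})},
    {"ip": "192.0.2.11", "url": AJAX_PATH, "body": urlencode({"action": "example_action", "data": 'a:1:{s:4:"name";s:5:"pizza";}'})},
    {"ip": "192.0.2.12", "url": AJAX_PATH, "body": urlencode({"action": "example_action", "data": OBJ})},
    {"ip": "192.0.2.13", "url": AJAX_PATH + "?" + urlencode({"action": "example_action", "data": base64.b64encode(OBJ.encode()).decode()})},
    {"ip": "192.0.2.14", "url": "/index.php", "body": urlencode({"data": OBJ})},
]

if __name__ == "__main__":
    for finding in flag_ajax_requests(SAMPLE):
        print(finding)
```

A serialized array that holds only scalars (the second record) is not flagged, because object injection needs an object token; a match is a lead for triage, not proof that the plugin processed the value.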