🔎 Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Five Star Restaurant Menu and Food Ordering

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Five Star Restaurant Menu and Food Ordering

Information

Software Type	Plugin
Software Slug	food-and-drink-menu (view on wordpress.org)
Software Status	Active
Software Author	rustaurius
Software Website	www.fivestarplugins.com
Software Downloads	377,812
Software Active Installs	7,000
Software Record Last Updated	July 26, 2024

5 Vulnerabilities

Restaurant Menu and Food Ordering <= 2.4.16 - Missing Authorization to Menu Creation

4.3

CVE-2024-5459

Jun 4, 2024

Researcher: Lucio Sá

Five Star Restaurant Menu <= 2.4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-29089

Mar 15, 2024

Researcher: Steven Julian

Five Star Restaurant Menu and Food Ordering <= 2.4.10 - Unauthenticated PHP Object Injection

9.8

CVE-2023-5340

Oct 27, 2023

Researcher: Krzysztof Zając

Restaurant Menu and Food Ordering by Five Star Plugins <= 2.4.6 - Cross-Site Request Forgery via maybe_duplicate_item

4.3

CVE-2023-37985

Jul 17, 2023

Researcher: Elliot

Five Star Restaurant Menu <= 2.2.0 - Unauthenticated Arbitrary Object Deserialization leading to Remote Code Execution

9.8

CVE-2020-29045

Jan 11, 2021

Researcher: Nick Blundell

Title	Status	CVE ID	CVSS	Researchers	Date
Restaurant Menu and Food Ordering <= 2.4.16 - Missing Authorization to Menu Creation	Patched	CVE-2024-5459	4.3	Lucio Sá	June 4, 2024
Five Star Restaurant Menu <= 2.4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-29089	6.4	Steven Julian	March 15, 2024
Five Star Restaurant Menu and Food Ordering <= 2.4.10 - Unauthenticated PHP Object Injection	Patched	CVE-2023-5340	9.8	Krzysztof Zając	October 27, 2023
Restaurant Menu and Food Ordering by Five Star Plugins <= 2.4.6 - Cross-Site Request Forgery via maybe_duplicate_item	Patched	CVE-2023-37985	4.3	Elliot	July 17, 2023
Five Star Restaurant Menu <= 2.2.0 - Unauthenticated Arbitrary Object Deserialization leading to Remote Code Execution	Patched	CVE-2020-29045	9.8	Nick Blundell	January 11, 2021

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation