PT-2022-24056 · WordPress · The Restaurant Menu – Food Ordering System – Table Reservation

Ptsfence · Published 2022-11-03 · Updated 2022-11-04 · CVE-2022-3776

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress, versions up to and including 2.3.1

Description

The issue is due to missing or incorrect nonce validation on several functions called via AJAX actions, such as the forms action, set option, and chosen options handlers. Because the request is never tied to a nonce issued to the current user, an unauthenticated attacker can perform administrative actions, such as modifying forms, by tricking a site administrator into performing an action such as clicking on a link while logged in.

Recommendations

For versions up to and including 2.3.1, update to a version that includes proper nonce validation for AJAX actions to prevent Cross-Site Request Forgery attacks. As a temporary workaround, consider restricting access to the AJAX endpoints related to the forms action, set option, and chosen options to minimize the risk of exploitation.
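The following is an added illustration of the weakness class and its fix, not code from the plugin: a WordPress AJAX handler that updates an option with no nonce or capability check, beside the hardened form the recommendation calls for. The hook names, option key, script handle and nonce action string are assumptions chosen for this example.

```php
<?php
// Added example, not the plugin's own code. Handler names, the option key,
// the 'example-admin' script handle and the nonce action are assumptions.

// BEFORE: a privileged AJAX handler with neither a nonce check nor a
// capability check. Any page that can make an administrator's browser send
// this POST changes the option, which is the CSRF pattern in the advisory.
function example_set_option_vulnerable() {
    $value = isset( $_POST['value'] ) ? wp_unslash( $_POST['value'] ) : '';
    update_option( 'example_menu_setting', sanitize_text_field( $value ) );
    wp_send_json_success();
}
// Registered for logged-in users and for visitors, so even the session
// cookie is not required to reach it.
add_action( 'wp_ajax_example_set_option', 'example_set_option_vulnerable' );
add_action( 'wp_ajax_nopriv_example_set_option', 'example_set_option_vulnerable' );

// AFTER, step 1: mint a per-user nonce when the admin page renders and hand
// it to the plugin's script (assumed already enqueued as 'example-admin').
// A cross-site page cannot read this value, so it cannot forge the request.
function example_enqueue_admin_script() {
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_set_option' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_admin_script' );

// AFTER, step 2: the handler rejects requests without a valid nonce and
// requests from users who may not manage options. check_ajax_referer()
// replies "-1" with a 403 status and exits when the nonce is missing or bad.
function example_set_option_fixed() {
    check_ajax_referer( 'example_set_option', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $value = isset( $_POST['value'] ) ? wp_unslash( $_POST['value'] ) : '';
    update_option( 'example_menu_setting', sanitize_text_field( $value ) );
    wp_send_json_success();
}
// No wp_ajax_nopriv_ registration: an administrative action has no
// legitimate unauthenticated caller.
add_action( 'wp_ajax_example_set_option_fixed', 'example_set_option_fixed' );
```

The nonce stops the cross-site forgery and the capability check stops a low-privileged logged-in user; the advisory's class of bug needs both, since a nonce alone does not establish authorization.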

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2022-3776

Affected Products

The Restaurant Menu – Food Ordering System – Table Reservation