CVE-2023-0550

Name of the Vulnerable Software and Affected Versions Quick Restaurant Menu plugin for WordPress versions up to, and including, 2.0.2

Description The issue arises from Insecure Direct Object Reference, where the plugin fails to verify the post ID provided to the AJAX action during menu item deletion or modification. This allows authenticated attackers with subscriber-level access or higher to modify or delete arbitrary posts.

Recommendations For Quick Restaurant Menu plugin for WordPress versions up to, and including, 2.0.2, update to a version higher than 2.0.2 to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action responsible for menu item deletion and modification to prevent unauthorized post modifications.