CVE-2024-1382

Name of the Vulnerable Software and Affected Versions Restaurant Reservations plugin for WordPress versions up to, and including, 1.9

Description The issue allows authenticated attackers with contributor-level access and above to include and execute arbitrary PHP files on the server via the nd rst layout attribute of the nd rst search shortcode. This enables the execution of any PHP code in those files, which can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where an uploaded PHP file may not be directly accessible.

Recommendations For versions up to, and including, 1.9, consider disabling the nd rst search shortcode or restricting access to the nd rst layout attribute until a patch is available. As a temporary workaround, restrict contributor-level access and above to minimize the risk of exploitation.