CVE-2024-1855

Name of the Vulnerable Software and Affected Versions WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress versions up to, and including, 2.2.23

Description The issue allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application, via the wpc check for submission function. This enables Server-Side Request Forgery (SSRF) attacks.

Recommendations For versions up to, and including, 2.2.23, update to a version higher than 2.2.23 to resolve the issue. As a temporary workaround, consider disabling the wpc check for submission function until a patch is available.