CVE-2024-5431

Name of the Vulnerable Software and Affected Versions: The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress versions up to, and including, 2.2.25

Description: The issue allows authenticated attackers with Contributor-level access and above to include remote files on the server, potentially resulting in code execution. This is achieved via the reservation extra field shortcode parameter.

Recommendations: For versions up to, and including, 2.2.25, update to a version higher than 2.2.25 to resolve the issue. As a temporary workaround, consider restricting access to the reservation extra field shortcode parameter to minimize the risk of exploitation.