Medium severity6.3NVD Advisory· Published Nov 3, 2022· Updated Apr 8, 2026
CVE-2022-2696
CVE-2022-2696
Description
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attackers with minimal permissions to perform a wide variety of actions such as modifying the plugin's settings and modifying the ordering system preferences.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:oracle:restaurant_menu_-_food_ordering_system_-_table_reservation:*:*:*:*:*:wordpress:*:*Range: <2.3.1
- Range: <=2.3.0
Patches
Vulnerability mechanics
References
4- plugins.trac.wordpress.org/changesetnvdPatchThird Party Advisory
- plugins.trac.wordpress.org/browser/menu-ordering-reservations/trunk/includes/admin/class-glf-admin-screens.phpnvdThird Party Advisory
- www.wordfence.com/vulnerability-advisories-continued/nvdThird Party Advisory
- www.wordfence.com/threat-intel/vulnerabilities/id/01486af8-b378-4663-a9c5-167b8580db94nvd
News mentions
0No linked articles in our index yet.