Medium severity5.3NVD Advisory· Published May 23, 2024· Updated Apr 8, 2026

CVE-2024-1855

Description

The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpc_check_for_submission function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application.

Affected products

Themewinter/Wpcafe
cpe:2.3:a:themewinter:wpcafe:*:*:*:*:*:wordpress:*:*
Range: <2.2.24

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/3084054/wp-cafe/trunk/core/action/wpc-ajax-action.phpnvdPatch
www.wordfence.com/threat-intel/vulnerabilities/id/5f83c19e-1b75-4fea-b4de-f7f844a449c0nvdThird Party Advisory
plugins.trac.wordpress.org/browser/wp-cafe/trunk/core/action/wpc-ajax-action.phpnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000