Online Food Ordering System
by Oretnom23
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-9209 | Cri | 0.64 | 9.8 | 0.02 | Oct 3, 2025 | The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API data via the /wp-json/wp/v2/users REST API endpoint. This makes it possible… | ||
| CVE-2026-30527 | Med | 0.35 | 5.4 | 0.00 | Mar 27, 2026 | A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or… | ||
| CVE-2025-4549 | 0.00 | — | 0.00 | May 11, 2025 | A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/register-router.php. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely.… | |||
| CVE-2025-4548 | 0.00 | — | 0.00 | May 11, 2025 | A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/router.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The… | |||
| CVE-2025-4507 | 0.00 | — | 0.00 | May 10, 2025 | A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/add-item.php. The manipulation of the argument price leads to sql injection. It is possible to initiate the attack remotely. The… | |||
| CVE-2025-4506 | 0.00 | — | 0.00 | May 10, 2025 | A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /routers/menu-router.php. The manipulation of the argument 1_price leads to sql injection. The attack may be… | |||
| CVE-2025-4492 | 0.00 | — | 0.00 | May 9, 2025 | A vulnerability, which was classified as critical, has been found in Campcodes Online Food Ordering System 1.0. This issue affects some unknown processing of the file /routers/ticket-message.php. The manipulation of the argument ticket_id leads to sql injection. The attack may… | |||
| CVE-2025-4491 | 0.00 | — | 0.01 | May 9, 2025 | A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/ticket-status.php. The manipulation of the argument ticket_id leads to sql injection. The attack can be initiated remotely.… | |||
| CVE-2025-4490 | 0.00 | — | 0.01 | May 9, 2025 | A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /view-ticket-admin.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The… | |||
| CVE-2025-4489 | 0.00 | — | 0.01 | May 9, 2025 | A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /routers/user-router.php. The manipulation of the argument t1_verified leads to sql injection. The attack may… | |||
| CVE-2025-2387 | 0.00 | — | 0.00 | Mar 17, 2025 | A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument pid leads to sql injection. It is possible to launch… | |||
| CVE-2024-8604 | 0.00 | — | 0.01 | Sep 9, 2024 | A vulnerability classified as problematic has been found in SourceCodester Online Food Ordering System 2.0. This affects an unknown part of the file index.php of the component Create an Account Page. The manipulation of the argument First Name/Last Name leads to cross site… | |||
| CVE-2023-24647 | 0.00 | — | 0.01 | Feb 13, 2023 | Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter. | |||
| CVE-2023-0256 | 0.00 | — | 0.01 | Jan 12, 2023 | A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /fos/admin/ajax.php?action=login of the component Login Page. The manipulation of the argument Username leads to sql… | |||
| CVE-2022-3015 | 0.00 | — | 0.00 | Aug 27, 2022 | A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System. This issue affects some unknown processing of the file admin/?page=reports. The manipulation of the argument date leads to cross site scripting. The attack may be… | |||
| CVE-2022-3012 | 0.00 | — | 0.01 | Aug 27, 2022 | A vulnerability was found in oretnom23 Fast Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file ffos/admin/reports/index.php. The manipulation of the argument date leads to sql injection. The attack may be… | |||
| CVE-2022-2686 | 0.00 | — | 0.00 | Aug 6, 2022 | A vulnerability, which was classified as problematic, was found in oretnom23 Fast Food Ordering System. This affects an unknown part of the component Menu List Page. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack… | |||
| CVE-2022-32335 | 0.00 | — | 0.01 | Jun 14, 2022 | Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/manage_menu.php?id=. | |||
| CVE-2022-32334 | 0.00 | — | 0.01 | Jun 14, 2022 | Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/manage_category.php?id=. | |||
| CVE-2022-32332 | 0.00 | — | 0.01 | Jun 14, 2022 | Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_category. |
- risk 0.64cvss 9.8epss 0.02
The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API data via the /wp-json/wp/v2/users REST API endpoint. This makes it possible…
- risk 0.35cvss 5.4epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or…
- CVE-2025-4549May 11, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/register-router.php. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely.…
- CVE-2025-4548May 11, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/router.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The…
- CVE-2025-4507May 10, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/add-item.php. The manipulation of the argument price leads to sql injection. It is possible to initiate the attack remotely. The…
- CVE-2025-4506May 10, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /routers/menu-router.php. The manipulation of the argument 1_price leads to sql injection. The attack may be…
- CVE-2025-4492May 9, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as critical, has been found in Campcodes Online Food Ordering System 1.0. This issue affects some unknown processing of the file /routers/ticket-message.php. The manipulation of the argument ticket_id leads to sql injection. The attack may…
- CVE-2025-4491May 9, 2025risk 0.00cvss —epss 0.01
A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/ticket-status.php. The manipulation of the argument ticket_id leads to sql injection. The attack can be initiated remotely.…
- CVE-2025-4490May 9, 2025risk 0.00cvss —epss 0.01
A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /view-ticket-admin.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The…
- CVE-2025-4489May 9, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /routers/user-router.php. The manipulation of the argument t1_verified leads to sql injection. The attack may…
- CVE-2025-2387Mar 17, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument pid leads to sql injection. It is possible to launch…
- CVE-2024-8604Sep 9, 2024risk 0.00cvss —epss 0.01
A vulnerability classified as problematic has been found in SourceCodester Online Food Ordering System 2.0. This affects an unknown part of the file index.php of the component Create an Account Page. The manipulation of the argument First Name/Last Name leads to cross site…
- CVE-2023-24647Feb 13, 2023risk 0.00cvss —epss 0.01
Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter.
- CVE-2023-0256Jan 12, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /fos/admin/ajax.php?action=login of the component Login Page. The manipulation of the argument Username leads to sql…
- CVE-2022-3015Aug 27, 2022risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System. This issue affects some unknown processing of the file admin/?page=reports. The manipulation of the argument date leads to cross site scripting. The attack may be…
- CVE-2022-3012Aug 27, 2022risk 0.00cvss —epss 0.01
A vulnerability was found in oretnom23 Fast Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file ffos/admin/reports/index.php. The manipulation of the argument date leads to sql injection. The attack may be…
- CVE-2022-2686Aug 6, 2022risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, was found in oretnom23 Fast Food Ordering System. This affects an unknown part of the component Menu List Page. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack…
- CVE-2022-32335Jun 14, 2022risk 0.00cvss —epss 0.01
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/manage_menu.php?id=.
- CVE-2022-32334Jun 14, 2022risk 0.00cvss —epss 0.01
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/manage_category.php?id=.
- CVE-2022-32332Jun 14, 2022risk 0.00cvss —epss 0.01
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_category.
Page 1 of 2