VYPR

Online Food Ordering System

by Oretnom23

CVEs (25)

  • CVE-2025-9209CriOct 3, 2025
    risk 0.64cvss 9.8epss 0.02

    The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API data via the /wp-json/wp/v2/users REST API endpoint. This makes it possible…

  • CVE-2026-30527MedMar 27, 2026
    risk 0.35cvss 5.4epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or…

  • CVE-2025-4549May 11, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/register-router.php. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely.…

  • CVE-2025-4548May 11, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/router.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The…

  • CVE-2025-4507May 10, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/add-item.php. The manipulation of the argument price leads to sql injection. It is possible to initiate the attack remotely. The…

  • CVE-2025-4506May 10, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /routers/menu-router.php. The manipulation of the argument 1_price leads to sql injection. The attack may be…

  • CVE-2025-4492May 9, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, has been found in Campcodes Online Food Ordering System 1.0. This issue affects some unknown processing of the file /routers/ticket-message.php. The manipulation of the argument ticket_id leads to sql injection. The attack may…

  • CVE-2025-4491May 9, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/ticket-status.php. The manipulation of the argument ticket_id leads to sql injection. The attack can be initiated remotely.…

  • CVE-2025-4490May 9, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /view-ticket-admin.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The…

  • CVE-2025-4489May 9, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /routers/user-router.php. The manipulation of the argument t1_verified leads to sql injection. The attack may…

  • CVE-2025-2387Mar 17, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument pid leads to sql injection. It is possible to launch…

  • CVE-2024-8604Sep 9, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic has been found in SourceCodester Online Food Ordering System 2.0. This affects an unknown part of the file index.php of the component Create an Account Page. The manipulation of the argument First Name/Last Name leads to cross site…

  • CVE-2023-24647Feb 13, 2023
    risk 0.00cvss epss 0.01

    Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter.

  • CVE-2023-0256Jan 12, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /fos/admin/ajax.php?action=login of the component Login Page. The manipulation of the argument Username leads to sql…

  • CVE-2022-3015Aug 27, 2022
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System. This issue affects some unknown processing of the file admin/?page=reports. The manipulation of the argument date leads to cross site scripting. The attack may be…

  • CVE-2022-3012Aug 27, 2022
    risk 0.00cvss epss 0.01

    A vulnerability was found in oretnom23 Fast Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file ffos/admin/reports/index.php. The manipulation of the argument date leads to sql injection. The attack may be…

  • CVE-2022-2686Aug 6, 2022
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, was found in oretnom23 Fast Food Ordering System. This affects an unknown part of the component Menu List Page. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack…

  • CVE-2022-32335Jun 14, 2022
    risk 0.00cvss epss 0.01

    Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/manage_menu.php?id=.

  • CVE-2022-32334Jun 14, 2022
    risk 0.00cvss epss 0.01

    Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/manage_category.php?id=.

  • CVE-2022-32332Jun 14, 2022
    risk 0.00cvss epss 0.01

    Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_category.

Page 1 of 2