VYPR

Wpcafe

by WordPress

CVEs (5)

  • CVE-2024-5431HigJun 25, 2024
    risk 0.57cvss 8.8epss 0.01

    The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservation_extra_field shortcode parameter. This makes it possible…

  • CVE-2025-39452HigApr 17, 2025
    risk 0.49cvss 7.5epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics WPCafe wp-cafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through <= 2.2.32.

  • CVE-2025-30829HigMar 27, 2025
    risk 0.49cvss 7.5epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics WPCafe wp-cafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through <= 2.2.31.

  • CVE-2024-5427MedMay 31, 2024
    risk 0.35cvss 6.4epss 0.00

    The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input…

  • CVE-2024-1855MedMay 23, 2024
    risk 0.27cvss 5.3epss 0.00

    The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpc_check_for_submission function. This makes it…