CVE-2022-2696 - Vulnerability Details - OpenCVE

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attackers with minimal permissions to perform a wide variety of actions such as modifying the plugin's settings and modifying the ordering system preferences.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Oracle	Restaurant Menu - Food Ordering System - Table Reservation

Configuration 1 [-]

cpe:2.3:a:oracle:restaurant_menu_-_food_ordering_system_-_table_reservation:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/menu-ordering-reservations/trunk/includes/admin/class-glf-admin-screens.php?rev=2664283
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2793398%40menu-ordering-reservations&new=2793398%40menu-ordering-reservations&sfp_email=&sfph_mail=
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2696

History

Fri, 31 Jan 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2022-11-03T16:29:51.558Z

Updated: 2025-01-31T18:28:12.968Z

Reserved: 2022-08-06T17:12:10.788Z

Link: CVE-2022-2696

Vulnrichment

Updated: 2024-08-03T00:46:04.040Z

NVD

Status : Modified

Published: 2022-11-03T17:15:27.033

Modified: 2024-11-21T07:01:32.157

Link: CVE-2022-2696

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-2696", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "requesterUserId": "8d345d3f-a59e-4410-a440-fac6e918fcfc", "dateReserved": "2022-08-06T17:12:10.788Z", "datePublished": "2022-11-03T16:29:51.558Z", "dateUpdated": "2025-01-31T18:28:12.968Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2022-11-03T16:29:51.558Z"}, "affected": [{"vendor": "gloriafood", "product": "Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "2.3.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attackers with minimal permissions to perform a wide variety of actions such as modifying the plugin's settings and modifying the ordering system preferences."}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/menu-ordering-reservations/trunk/includes/admin/class-glf-admin-screens.php?rev=2664283"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2793398%40menu-ordering-reservations&new=2793398%40menu-ordering-reservations&sfp_email=&sfph_mail="}, {"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2696"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/A:L/I:L/C:L/S:U/UI:N/PR:L/AC:L/AV:N", "baseScore": 6.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "ptsfence"}], "timeline": [{"time": "2022-08-08T00:00:00.000+00:00", "lang": "en", "value": "Vendor Notified"}, {"time": "2022-10-31T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:46:04.040Z"}, "title": "CVE Program Container", "references": [{"url": "https://plugins.trac.wordpress.org/browser/menu-ordering-reservations/trunk/includes/admin/class-glf-admin-screens.php?rev=2664283", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2793398%40menu-ordering-reservations&new=2793398%40menu-ordering-reservations&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}, {"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2696", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-31T18:27:55.826167Z", "id": "CVE-2022-2696", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-31T18:28:12.968Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://plugins.trac.wordpress.org/browser/menu-ordering-reservations/trunk/includes/admin/class-glf-admin-screens.php?rev=2664283", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2793398%40menu-ordering-reservations&new=2793398%40menu-ordering-reservations&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}, {"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2696", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:46:04.040Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-2696", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-31T18:27:55.826167Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-31T18:27:46.308Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "ptsfence"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/A:L/I:L/C:L/S:U/UI:N/PR:L/AC:L/AV:N"}}], "affected": [{"vendor": "gloriafood", "product": "Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.3.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2022-08-08T00:00:00.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2022-10-31T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/menu-ordering-reservations/trunk/includes/admin/class-glf-admin-screens.php?rev=2664283"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2793398%40menu-ordering-reservations&new=2793398%40menu-ordering-reservations&sfp_email=&sfph_mail="}, {"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2696"}], "descriptions": [{"lang": "en", "value": "The Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attackers with minimal permissions to perform a wide variety of actions such as modifying the plugin's settings and modifying the ordering system preferences."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2022-11-03T16:29:51.558Z"}}}, "cveMetadata": {"cveId": "CVE-2022-2696", "state": "PUBLISHED", "dateUpdated": "2025-01-31T18:28:12.968Z", "dateReserved": "2022-08-06T17:12:10.788Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2022-11-03T16:29:51.558Z", "requesterUserId": "8d345d3f-a59e-4410-a440-fac6e918fcfc", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:restaurant_menu_-_food_ordering_system_-_table_reservation:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9379D5A3-BCE5-41C6-8BC7-53BC54CFF549", "versionEndExcluding": "2.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attackers with minimal permissions to perform a wide variety of actions such as modifying the plugin's settings and modifying the ordering system preferences."}, {"lang": "es", "value": "El complemento Restaurant Menu Food Ordering System Table Reservation para WordPress es vulnerable a la omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de varias acciones AJAX en versiones hasta la 2.3.0 incluida debido a la falta de comprobaciones de capacidad y de validaci\u00f3n nonce. Esto hace posible que atacantes autenticados con permisos m\u00ednimos realicen una amplia variedad de acciones, como modificar la configuraci\u00f3n del complemento y modificar las preferencias del sistema de pedidos."}], "id": "CVE-2022-2696", "lastModified": "2024-11-21T07:01:32.157", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-03T17:15:27.033", "references": [{"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/browser/menu-ordering-reservations/trunk/includes/admin/class-glf-admin-screens.php?rev=2664283"}, {"source": "security@wordfence.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2793398%40menu-ordering-reservations&new=2793398%40menu-ordering-reservations&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2696"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/browser/menu-ordering-reservations/trunk/includes/admin/class-glf-admin-screens.php?rev=2664283"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2793398%40menu-ordering-reservations&new=2793398%40menu-ordering-reservations&sfp_email=&sfph_mail="}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2696"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified"}