CVE-2024-13415

Summary

CVE-2024-13415 is a vulnerability affecting the Food Menu – Restaurant Menu & Online Ordering plugin for WordPress, up to and including version 5.1.4. This issue allows authenticated attackers with Subscriber-level access or higher to gain unauthorized access to the plugin's settings. The cause of this vulnerability is a missing capability check on the response() function within the plugin. Successful exploitation may result in modification of the plugin's settings, potentially leading to significant functionality changes or other unintended consequences. It is strongly recommended that users upgrade to the latest version of the plugin, 5.1.5 or higher, to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.