CVE-2020-29045
CRITICALFivestarplugins Five Star Restaurant Menu - Insecure Deserialization
Title source: ruleDescription
The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdm_cart cookie in load_cart_from_cookie in includes/class-cart-manager.php.
Exploits (1)
github
WORKING POC
3 stars
by certuscyber · pythonpoc
https://github.com/certuscyber/cve-pocs/tree/main/CVE-2020-29045
References (2)
Core 2
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://wordpress.org/plugins/food-and-drink-menu/#developers
Exploit, Third Party Advisory x_refsource_misc
https://appcheck-ng.com/cve-2020-29045/
Scores
CVSS v3
9.8
EPSS
0.3519
EPSS Percentile
97.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-502
Status
published
Products (1)
fivestarplugins/five_star_restaurant_menu
< 2.2.0
Published
Mar 11, 2021
Tracked Since
Feb 18, 2026