CVE-2020-29045

CRITICAL

Fivestarplugins Five Star Restaurant Menu - Insecure Deserialization

Title source: rule

Description

The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdm_cart cookie in load_cart_from_cookie in includes/class-cart-manager.php.

Exploits (1)

github WORKING POC 3 stars
by certuscyber · pythonpoc
https://github.com/certuscyber/cve-pocs/tree/main/CVE-2020-29045

References (2)

Scores

CVSS v3 9.8
EPSS 0.3519
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (1)

fivestarplugins/five_star_restaurant_menu < 2.2.0

Timeline

Published Mar 11, 2021
Tracked Since Feb 18, 2026