CVE-2020-29045

CRITICAL

Five Star Restaurant Menu < 2.2.0 - Remote Code Execution via Unserialize in fdm_cart Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-29045. PoCs published by certuscyber.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2020-29045, an insecure deserialization vulnerability in the WordPress Five Star Restaurant Menu and Food Ordering plugin. The exploit leverages a crafted serialized payload sent via a cookie to achieve remote code execution on the target server.

Description

The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdm_cart cookie in load_cart_from_cookie in includes/class-cart-manager.php.

Exploits (1)

github WORKING POC 3 stars

by certuscyber · pythonpoc

https://github.com/certuscyber/cve-pocs/tree/main/CVE-2020-29045

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2020-29045, an insecure deserialization vulnerability in the WordPress Five Star Restaurant Menu and Food Ordering plugin. The exploit leverages a crafted serialized payload sent via a cookie to achieve remote code execution on the target server.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WordPress Five Star Restaurant Menu and Food Ordering plugin <= 2.2.0

Auth required

Prerequisites: Administrator access to WordPress Dashboard · Enable Ordering option enabled in plugin settings · Custom plugin with Exploit class installed on target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (2)

Core 2

Core References

Release Notes, Third Party Advisory x_refsource_misc

https://wordpress.org/plugins/food-and-drink-menu/#developers

Exploit, Third Party Advisory x_refsource_misc

https://appcheck-ng.com/cve-2020-29045/

Scores

CVSS v3 9.8

EPSS 0.3080

EPSS Percentile 98.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-502

Status published

Products (1)

fivestarplugins/five_star_restaurant_menu < 2.2.0

Published Mar 11, 2021

Tracked Since Feb 18, 2026