The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdm_cart cookie in load_cart_from_cookie in includes/class-cart-manager.php.
CPE | Name | Operator | Version |
---|---|---|---|
five_star_restaurant_menu | le | 2.2.0 |