The plugin unserialised the fdm_cart cookie value without any sanitisation or validation first, when the Ordering setting of the plugin was enabled, leading to a PHP object injection which could lead to RCE
CPE | Name | Operator | Version |
---|---|---|---|
food-and-drink-menu | lt | 2.2.1 |