CyberRota
← Ana sayfaya dön

CVE-2026-11802

MEDIUM · CVSS 5.3

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-14T02:16:52.577 · Çekilme zamanı: 2026-07-14T06:06:20.595273+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-11802
Severity
MEDIUM
CVSS
5.3
EPSS
Yok
WordPress

Orijinal NVD Açıklaması

The FoodBook Lite - Online Food Ordering System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.6. The registration() function, accessible via the wp_ajax_nopriv_registration_action AJAX action, lacks any nonce verification or capability check, and does not check the WordPress users_can_register option before calling wp_insert_user(). This makes it possible for unauthenticated attackers to create new user accounts with the 'customer' role and receive authentication cookies, even when the site administrator has explicitly disabled user registration.