CVE-2023-47826: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in NicheAddons Restaurant & Cafe Addon for Elementor, affecting versions through 1.5.3. The vulnerability was discovered by Abdi Pranata and was disclosed on November 16, 2023. This security issue was assigned CVE-2023-47826 and relates to incorrectly configured access control security levels (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 base score of 6.5 (Medium). The vulnerability vector is characterized as CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L, indicating network accessibility with low attack complexity and no required privileges or user interaction (Patchstack).

The vulnerability allows unprivileged users to execute certain higher privileged actions due to missing authorization, authentication, or nonce token checks. This broken access control issue is considered moderately dangerous and is expected to become exploited (Patchstack).

The vulnerability has been fixed in version 1.5.4 of the Restaurant & Cafe Addon for Elementor. Users are advised to update to version 1.5.4 or later immediately. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).