CVE-2023-5340: 
WordPress vulnerability analysis and mitigation

The Five Star Restaurant Menu and Food Ordering WordPress plugin before version 2.4.11 contains a critical security vulnerability identified as CVE-2023-5340. The vulnerability was discovered by Krzysztof Zając from CERT PL and publicly disclosed on October 27, 2023. This security flaw affects the WordPress plugin's AJAX functionality, specifically impacting installations prior to version 2.4.11 (WPScan).

The vulnerability is classified as an Unauthenticated PHP Object Injection vulnerability. The issue stems from the plugin's improper handling of user input through an AJAX action that is accessible to unauthenticated users. The vulnerability allows attackers to perform PHP Object Injection when a suitable gadget is present on the blog. The severity of this vulnerability is rated as Critical with a CVSS v3.1 base score of 9.8, indicating the highest level of risk (NVD).

When successfully exploited, this vulnerability could allow unauthenticated attackers to perform PHP Object Injection attacks against affected WordPress installations. This type of vulnerability can potentially lead to remote code execution if a suitable gadget chain is present in the application, making it particularly dangerous for affected websites (WPScan).

The recommended mitigation is to update the Five Star Restaurant Menu and Food Ordering WordPress plugin to version 2.4.11 or later, which contains the security fix for this vulnerability. Website administrators should prioritize this update due to the critical nature of the vulnerability (WPScan).