CVE-2026-0974P2HIGHCVSS 8.8≤ 1.20.02026-02-19
CVE-2026-0974 [HIGH] CWE-862 CVE-2026-0974: The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for Word
The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the 'install_plugin' function in all versions up to, and including, 1.20.0. This makes it possible for authenticated attackers, with Subscriber-level access and a
nvd