tastyigniter CVE Vulnerabilities & Metrics

Focus on tastyigniter vulnerabilities and metrics.

Last updated: 16 Apr 2025, 22:25 UTC

About tastyigniter Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with tastyigniter. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total tastyigniter CVEs: 6
Earliest CVE date: 15 Aug 2021, 18:15 UTC
Latest CVE date: 18 Mar 2025, 15:15 UTC

Latest CVE reference: CVE-2024-44314

Rolling Stats

30-day Count (Rolling): 2
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical tastyigniter CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.75

Max CVSS: 3.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	6
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS tastyigniter CVEs

These are the five CVEs with the highest CVSS scores for tastyigniter, sorted by severity first and recency.

CVE-2022-0602 tastyigniter Published on 05 Apr 2022, 16:15 UTC (CVSS: 3.5)
Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0.
CVE-2022-23378 tastyigniter Published on 09 Feb 2022, 13:15 UTC (CVSS: 3.5)
A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The "items%5B0%5D%5Bpath%5D" parameter of a request made to /admin/allergens/edit/1 is vulnerable.
CVE-2021-38699 tastyigniter Published on 15 Aug 2021, 18:15 UTC (CVSS: 3.5)
TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs.
CVE-2024-44314 tastyigniter Published on 18 Mar 2025, 15:15 UTC (CVSS: 0)
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which fails to verify if the user has permission to modify an order's status. This flaw can be exploited remotely, leading to unauthorized order manipulation.
CVE-2024-44313 tastyigniter Published on 18 Mar 2025, 15:15 UTC (CVSS: 0)
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.

All CVEs for tastyigniter

CVE-2024-44314 tastyigniter vulnerability CVSS: 0 18 Mar 2025, 15:15 UTC

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which fails to verify if the user has permission to modify an order's status. This flaw can be exploited remotely, leading to unauthorized order manipulation.

CVE-2024-44313 tastyigniter vulnerability CVSS: 0 18 Mar 2025, 15:15 UTC

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.

CVE-2022-38256 tastyigniter vulnerability CVSS: 0 08 Sep 2022, 18:15 UTC

TastyIgniter v3.5.0 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE-2022-0602 tastyigniter vulnerability CVSS: 3.5 05 Apr 2022, 16:15 UTC

Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0.

CVE-2022-23378 tastyigniter vulnerability CVSS: 3.5 09 Feb 2022, 13:15 UTC

A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The "items%5B0%5D%5Bpath%5D" parameter of a request made to /admin/allergens/edit/1 is vulnerable.

CVE-2021-38699 tastyigniter vulnerability CVSS: 3.5 15 Aug 2021, 18:15 UTC

TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs.