The Restaurant & Cafe Addon for Elementor is a plugin for WordPress that has a security issue. This problem is present in all versions up to 1.5.9 and can be exploited through the use of a specific shortcode called ‘narestaurant_elementor_template’. The plugin does not have enough restrictions in place, allowing attackers with Contributor-level access or higher to view private or draft posts created by Elementor that they should not have access to.