The Food Store plugin for WordPress is vulnerable to a security risk in versions before 1.3.7. It was discovered that the plugin was missing or incorrectly using a form of validation known as “nonce” on several functions. This could allow unauthenticated attackers to make unauthorized changes to the website by tricking a site administrator into clicking on a link.