Fivestarplugins Five Star Restaurant Reservations vulnerabilities
3 known vulnerabilities affecting fivestarplugins/five_star_restaurant_reservations.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 3
Vulnerabilities
CVE-2022-0421 | P4 | MEDIUM | CVSS 6.1 | CWE-116 | fixed in 2.4.12 | 2022-11-21
The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping, attackers could perform Cross-Site Scripting attacks aga
nvd
CVE-2021-24965 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2.4.8 | 2022-01-24
The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged in admins
nvd
CVE-2023-34017 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ n/a, ≤ 2.6.7 | 2023-07-25
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FiveStarPlugins Five Star Restaurant Reservations plugin <= 2.6.7 versions.
nvd