Unauth. Arbitrary Payment Status Update leading to Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Five Star Restaurant Reservations plugin (versions <= 2.4.11).
Update the WordPress Five Star Restaurant Reservations plugin to the latest available version (at least 2.4.12).