Missing Authorization vulnerability in Five Star Plugins Five Star Restaurant Reservations.This issue affects Five Star Restaurant Reservations: from n/a through...
5.3CVSS
7.4AI Score
0.0004EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FiveStarPlugins Five Star Restaurant Reservations plugin <= 2.6.7...
6.1CVSS
6.2AI Score
0.0005EPSS
The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping,...
6.1CVSS
6AI Score
0.001EPSS
The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform.....
5.4CVSS
5.1AI Score
0.001EPSS