13 matches found
WordPress Alex Reservations: Smart Restaurant Booking plugin <= 2.2.3 - Authenticated (Admin+) Arbitrary File Upload vulnerability
Authenticated Admin+ Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin Alex Reservations versions <= 2.2.3...
CVE-2025-12399
The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-json/srr/v1/app/upload/file REST endpoint in all versions up to, and including, 2.2.3. This makes it possible for authenticated attackers, wi...
EUVD-2025-38369
The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-json/srr/v1/app/upload/file REST endpoint in all versions up to, and including, 2.2.3. This makes it possible for authenticated attackers, wi...
CVE-2025-12399
Summary: CVE-2025-12399 affects the WordPress plugin “Alex Reservations: Smart Restaurant Booking” up to version 2.2.3. The vulnerability stems from missing file type validation in the REST endpoint /wp-json/srr/v1/app/upload/file, enabling authenticated attackers with Administrator-level access ...
CVE-2025-12399 Alex Reservations: Smart Restaurant Booking <= 2.2.3 - Authenticated (Admin+) Arbitrary File Upload
The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-json/srr/v1/app/upload/file REST endpoint in all versions up to, and including, 2.2.3. This makes it possible for authenticated attackers, wi...
WordPress plugin Alex Reservations: Smart Restaurant Booking code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
Exploit for CVE-2025-12399
Alex Reservations: Smart Restaurant Booking format'Y/m'; $...
CVE-2024-13380 Alex Reservations: Smart Restaurant Booking <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rrform' shortcode in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-13380 Alex Reservations: Smart Restaurant Booking <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rrform' shortcode in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-13380
CVE-2024-13380 affects the Alex Reservations: Smart Restaurant Booking plugin for WordPress. It affects all versions up to 2.0.5 and enables Stored Cross-Site Scripting via the rr_form shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation ...
WordPress Alex Reservations: Smart Restaurant Booking plugin <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Alex Reservations versions <= 2.0.5...
WordPress plugin Alex Reservations cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
PT-2025-2143 · WordPress · Alex Reservations
Name of the Vulnerable Software and Affected Versions: Alex Reservations: Smart Restaurant Booking plugin for WordPress versions up to, and including, 2.0.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'rr form' shortcode due to insufficient input sanitization...