2 matches found
CVE-2022-0421
The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping,...
CVE-2022-0421
The Five Star Restaurant Reservations WordPress plugin prior to version 2.4.12 has an authorization flaw that allows unauthenticated users to change the payment status of arbitrary bookings. The issue is exacerbated by insufficient sanitization/escaping, enabling stored XSS against administrators...