2 matches found
CVE-2022-0421
The Five Star Restaurant Reservations WordPress plugin prior to version 2.4.12 has an authorization flaw that allows unauthenticated users to change the payment status of arbitrary bookings. The issue is exacerbated by insufficient sanitization/escaping, enabling stored XSS against administrators...
CVE-2021-24965
CVE-2021-24965 affects the WordPress plugin Five Star Restaurant Reservations (versions before 2.4.8). The vulnerability arises in the rtb_welcome_set_schedule AJAX action, where missing capability and CSRF checks, plus insufficient input sanitisation/escaping, allow any authenticated user (down ...