Five Star Restaurant Reservations

five_star_restaurant_reservations

Vendor: Fivestarplugins • 2 CVEs

CVEs (2)

Vendors: 1 (Fivestarplugins)
Products: 1 (Five Star Restaurant Reservations)
Updated: Apr 30, 2025
Published: Nov 21, 2022
CVSS: N/A (v4), 6.1 MEDIUM (v3), N/A (v2)
The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping, attackers could perform Cross-Site Scripting attacks against a logged in admin viewing the failed payments.

Vendors: 1 (Fivestarplugins)
Products: 1 (Five Star Restaurant Reservations)
Updated: Nov 21, 2024
Published: Jan 24, 2022
CVSS: N/A (v4), 5.4 MEDIUM (v3), 3.5 LOW (v2)
The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged in admins.