CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33596 – WordPress Five Star Restaurant Reservations plugin <= 2.6.16 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33596
25 Apr 2024 — Missing Authorization vulnerability in Five Star Plugins Five Star Restaurant Reservations.This issue affects Five Star Restaurant Reservations: from n/a through 2.6.16. Vulnerabilidad de autorización faltante en Five Star Plugins Five Star Restaurant Reservations. Este problema afecta a las Reservas de restaurantes Five Star: desde n/a hasta 2.6.16. The Five Star Restaurant Reservations plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versi... • https://patchstack.com/database/vulnerability/restaurant-reservations/wordpress-five-star-restaurant-reservations-plugin-2-6-16-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1382 – Restaurant Reservations <= 1.9 - Directory Traversal to Authenticated (Contributor+) Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-1382
06 Mar 2024 — The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the nd_rst_layout attribute of the nd_rst_search shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where an up... • https://plugins.trac.wordpress.org/browser/nd-restaurant-reservations/trunk/addons/visual/search/index.php#L49 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2019-15819 – ND Restaurant Reservations <= 1.3 - Options Change
https://notcve.org/view.php?id=CVE-2019-15819
09 Aug 2019 — The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication. El plugin nd-restaurant-reservations anterior de la versión 1.5 para WordPress no tiene ningún requisito para la autenticación nd_rst_import_settings_php_function. The ND Restaurant Reservations plugin before 1.5 for WordPress is vulnerable to unauthenticated option changes via the nd_rst_import_settings_php_function. This allows unauthenticated attackers to change arbitr... • https://blog.nintechnet.com/privilege-escalation-vulnerability-in-wordpress-nd-restaurant-reservations-plugin • CWE-306: Missing Authentication for Critical Function CWE-862: Missing Authorization •