
CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

31 Oct 2022 — The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping, attackers could perform Cross-Site Scripting attacks against a logged in admin viewing the failed payments. • https://wpscan.com/vulnerability/145e8d3c-cd6f-4827-86e5-ea2d395a80b9 • CWE-116: Improper Encoding or Escaping of Output • CWE-862: Missing Authorization

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Dec 2021 — The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged in admins. • https://wpscan.com/vulnerability/306ecf09-fdf0-449c-930c-9dfa58f0efc2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')