CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38737 – WordPress ReDi Restaurant Reservation plugin <= 24.0422 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-38737
11 Jul 2024 — Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReDi Restaurant Reservation: from n/a through 24.0422. The ReDi Restaurant Reservation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the redi_restaurant_admin_menu_link_new() function in versions up to, and including, 24.0422. This makes it possible for unauthenticated attackers t... • https://patchstack.com/database/vulnerability/redi-restaurant-reservation/wordpress-redi-restaurant-reservation-plugin-24-0422-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31385 – WordPress ReDi Restaurant Reservation plugin <= 24.0128 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31385
10 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation.This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Reservation Diary ReDi Restaurant Reservation. Este problema afecta a la reserva de restaurante ReDi: desde n/a hasta 24.0128. The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 24.0128. This is due to miss... • https://patchstack.com/database/vulnerability/redi-restaurant-reservation/wordpress-redi-restaurant-reservation-plugin-24-0128-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31299 – WordPress ReDi Restaurant Reservation plugin <= 24.0128 - Cross Site Request Forgery (CSRF) to XSS vulnerability
https://notcve.org/view.php?id=CVE-2024-31299
05 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation allows Cross-Site Scripting (XSS).This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 24.0128. This is due to missing or incorrect nonce validation on the redi_restaurant_admin_options_page() function. This makes it possible for unauthenticated attackers to modi... • https://patchstack.com/database/vulnerability/redi-restaurant-reservation/wordpress-redi-restaurant-reservation-plugin-24-0128-cross-site-request-forgery-csrf-to-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29806 – WordPress ReDi Restaurant Reservation plugin <= 24.0128 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29806
25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reservation Diary ReDi Restaurant Reservation allows Reflected XSS.This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Reservation Diary ReDi Restaurant Reservation permite XSS reflejado. Este problema afecta a la reserva de restaurante ReDi: desde n/a hasta 24.012... • https://patchstack.com/database/vulnerability/redi-restaurant-reservation/wordpress-redi-restaurant-reservation-plugin-24-0128-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36510 – WordPress ReDi Restaurant Reservation plugin <= 23.0211 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-36510
22 Jun 2023 — Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReDi Restaurant Reservation: from n/a through 23.0211. The ReDi Restaurant Reservation plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the redi_restaurant_ajax() function in versions up to, and including, 23.0211. This makes it possible for unauthenticated attacke... • https://patchstack.com/database/wordpress/plugin/redi-restaurant-reservation/vulnerability/wordpress-redi-restaurant-reservation-plugin-23-0211-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •