CVE-2021-24965

CVE-2021-24965: Five Star Restaurant Reservations < 2.4.8 - Subscriber+ Stored Cross-Site Scripting

Vendor: Unknown
Product: Five Star Restaurant Reservations – WordPress Booking Plugin
Weakness: CWE-79 · XSS
Published: January 24, 2022
Last update: August 3, 2024

CVSS base score

What the vulnerability does

01 Description

The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated user to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged-in admins.
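The three controls the description names as missing (CSRF check, capability check, sanitisation and escaping), sketched for a WordPress AJAX handler. This is an added example, not the plugin's code or its 2.4.8 fix: only the action name comes from this record, while the nonce action, the `manage_options` capability, the option key and the request fields are assumptions.

```php
<?php
// Added illustration, not the plugin's source. Only the AJAX action name
// rtb_welcome_set_schedule comes from the advisory; the nonce action,
// capability, option key and request fields below are hypothetical.
add_action( 'wp_ajax_rtb_welcome_set_schedule', 'example_rtb_set_schedule' );

function example_rtb_set_schedule() {
    // CSRF check: reject requests that do not carry a valid nonce.
    if ( ! check_ajax_referer( 'example-rtb-welcome', 'nonce', false ) ) {
        wp_send_json_error( 'Invalid nonce', 403 );
    }

    // Capability check: wp_ajax_* hooks fire for every logged-in user,
    // subscribers included, so the handler must authorise the caller itself.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Forbidden', 403 );
    }

    // Sanitise on input: keep only known day keys with HH:MM values.
    $days = array( 'monday', 'tuesday', 'wednesday', 'thursday',
                   'friday', 'saturday', 'sunday' );
    $raw  = ( isset( $_POST['schedule'] ) && is_array( $_POST['schedule'] ) )
        ? wp_unslash( $_POST['schedule'] )
        : array();

    $clean = array();
    foreach ( $raw as $day => $time ) {
        if ( in_array( $day, $days, true ) && is_string( $time )
            && preg_match( '/^([01]\d|2[0-3]):[0-5]\d$/', $time ) ) {
            $clean[ $day ] = $time;
        }
    }

    update_option( 'example_rtb_schedule', $clean );
    wp_send_json_success();
}

// Escape on output wherever the stored value is rendered in an admin page,
// so a value that bypassed input validation still cannot inject markup.
function example_rtb_render_schedule() {
    $schedule = (array) get_option( 'example_rtb_schedule', array() );
    foreach ( $schedule as $day => $time ) {
        printf( '<li>%s: %s</li>', esc_html( $day ), esc_html( $time ) );
    }
}
```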

Key dates

02 Disclosure timeline

January 24, 2022: CVE published
August 3, 2024: Record updated