CVE-2024-4083 MEDIUM

CVE-2024-4083: Easy Restaurant Table Booking <= 1.0.0 - Cross-Site Request Forgery

Vendor Way2Neelam
Product Easy Restaurant Table Booking
Weakness CWE-352 · CSRF
Published May 2, 2024
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

The Easy Restaurant Table Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Key dates

02Disclosure timeline

May 2, 2024 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-2658 newbee-ltd newbee-mall Multiple Endpoints cross-site request forgery CVE-2023-52226 WordPress Advanced Flamingo plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-10377 System Dashboard <= 2.8.20 - Cross-Site Request Forgery CVE-2022-40131 WordPress Page View Count plugin <= 2.5.5 - Cross-Site Request Forgery (CSRF) vulnerability CVE-2023-2277 WP Directory Kit <= 1.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wdk_resultitem