CVE-2022-0421 in Five Star Restaurant Reservations Plugininfo

Zusammenfassung (Englisch)

The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping, attackers could perform Cross-Site Scripting attacks against a logged in admin viewing the failed payments

Reservieren

31.01.2022

Veröffentlichung

21.11.2022

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
214063	Five Star Restaurant Reservations Plugin erweiterte Rechte	862	Nicht definiert	Offizieller Fix	CVE-2022-0421

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

◂ ZurückÜbersichtWeiter ▸

Do you know our Splunk app?

Download it now for free!