Vulnerabilities and security researches forredi-restaurant-reservation redi-restaurant-reservation

Jun 07, 2024

CVE, Research URL: CVE-2021-24299
Home page URL: Security reports for ReDi Restaurant Reservation
Application: ReDi Restaurant Reservation
Date: May 17, 2021
Research Description: The ReDi Restaurant Reservation WordPress plugin before 21.0426 provides the functionality to let users make restaurant reservations. These reservations are stored and can be listed on an 'Upcoming' page provided by the plugin. An unauthenticated user can fill in the form to make a restaurant reservation. The form to make a restaurant reservation field called 'Comment' does not use proper input validation and can be used to store XSS payloads. The XSS payloads will be executed when the plugin user goes to the 'Upcoming' page, which is an external website https://upcoming.reservationdiary.eu/ loaded in an iframe, and the stored reservation with XSS payload is loaded.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-31385
Home page URL: Security reports for ReDi Restaurant Reservation
Application: ReDi Restaurant Reservation
Date: Apr 15, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation.This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-29806
Home page URL: Security reports for ReDi Restaurant Reservation
Application: ReDi Restaurant Reservation
Date: Mar 27, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reservation Diary ReDi Restaurant Reservation allows Reflected XSS.This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-31299
Home page URL: Security reports for ReDi Restaurant Reservation
Application: ReDi Restaurant Reservation
Date: Apr 10, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation allows Cross-Site Scripting (XSS).This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-36510
Home page URL: Security reports for ReDi Restaurant Reservation
Application: ReDi Restaurant Reservation
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReDi Restaurant Reservation: from n/a through 23.0211.
Affected versions: Min -, max -.
Status: vulnerable

Jul 15, 2024

CVE, Research URL: CVE-2024-38737
Home page URL: Security reports for ReDi Restaurant Reservation
Application: ReDi Restaurant Reservation
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReDi Restaurant Reservation: from n/a through 24.0422.
Affected versions: Min -, max -.
Status: vulnerable

Oct 18, 2024

CVE, Research URL: CVE-2024-9240
Home page URL: Security reports for ReDi Restaurant Reservation
Application: ReDi Restaurant Reservation
Date: Oct 17, 2024
Research Description: The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 24.0902. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Jun 01, 2025

CVE, Research URL: CVE-2025-48286
Home page URL: Security reports for ReDi Restaurant Reservation
Application: ReDi Restaurant Reservation
Date: May 23, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catkin ReDi Restaurant Reservation allows Reflected XSS. This issue affects ReDi Restaurant Reservation: from n/a through 24.1209.
Affected versions: Min -, max -.
Status: vulnerable