Vulnerabilities and security researches forrestaurant-reservations restaurant-reservations

Jun 07, 2024

CVE, Research URL: CVE-2021-24965
Home page URL: Security reports for Five Star Restaurant Reservations – WordPress Booking Plugin
Application: Five Star Restaurant Reservations – WordPress Booking Plugin
Date: Jan 24, 2022
Research Description: The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged in admins
Affected versions: max 2.4.8.
Status: vulnerable

CVE, Research URL: CVE-2022-0421
Home page URL: Security reports for Five Star Restaurant Reservations – WordPress Booking Plugin
Application: Five Star Restaurant Reservations – WordPress Booking Plugin
Date: Nov 21, 2022
Research Description: The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping, attackers could perform Cross-Site Scripting attacks against a logged in admin viewing the failed payments
Affected versions: max 2.4.12.
Status: vulnerable

CVE, Research URL: CVE-2023-34017
Home page URL: Security reports for Five Star Restaurant Reservations – WordPress Booking Plugin
Application: Five Star Restaurant Reservations – WordPress Booking Plugin
Date: Jul 25, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FiveStarPlugins Five Star Restaurant Reservations plugin <= 2.6.7 versions.
Affected versions: max 2.6.8.
Status: vulnerable

CVE, Research URL: CVE-2024-33596
Home page URL: Security reports for Five Star Restaurant Reservations – WordPress Booking Plugin
Application: Five Star Restaurant Reservations – WordPress Booking Plugin
Date: Apr 29, 2024
Research Description: Missing Authorization vulnerability in Five Star Plugins Five Star Restaurant Reservations.This issue affects Five Star Restaurant Reservations: from n/a through 2.6.16.
Affected versions: max 2.6.17.
Status: vulnerable

Apr 03, 2025

CVE, Research URL: CVE-2025-30861
Home page URL: Security reports for Five Star Restaurant Reservations – WordPress Booking Plugin
Application: Five Star Restaurant Reservations – WordPress Booking Plugin
Date: Mar 27, 2025
Research Description: Missing Authorization vulnerability in Rustaurius Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.6.29.
Affected versions: max 2.6.30.
Status: vulnerable

Jan 10, 2026

CVE, Research URL: CVE-2025-68601
Home page URL: Security reports for Five Star Restaurant Reservations – WordPress Booking Plugin
Application: Five Star Restaurant Reservations – WordPress Booking Plugin
Date: Dec 24, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Cross Site Request Forgery.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.7.
Affected versions: max 2.7.7.
Status: vulnerable

CVE, Research URL: CVE-2025-68044
Home page URL: Security reports for Five Star Restaurant Reservations – WordPress Booking Plugin
Application: Five Star Restaurant Reservations – WordPress Booking Plugin
Date: Jan 05, 2026
Research Description: Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Five Star Restaurant Reservations: from n/a through 2.7.8.
Affected versions: max 2.7.8.
Status: vulnerable

CVE, Research URL: CVE-2025-11496
Home page URL: Security reports for Five Star Restaurant Reservations – WordPress Booking Plugin
Application: Five Star Restaurant Reservations – WordPress Booking Plugin
Date: Dec 21, 2025
Research Description: The Five Star Restaurant Reservations – WordPress Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rtb-name' parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 2.7.7.
Status: vulnerable