cleantalk
Vulnerabilities and Security Researches

Five Star Restaurant Reservations – WordPress Booking Plugin, CVE-2021-24965

CVE, Research URL

CVE-2021-24965

Home page URL

Security reports for Five Star Restaurant Reservations – WordPress Booking Plugin

Application

Five Star Restaurant Reservations – WordPress Booking Plugin

Published on
Jan 24, 2022
Research Description
The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged in admins
Affected versions
Min -, max 2.4.8.
Status
vulnerable
Previous vulnerability researches
Quick Restaurant Reservations (CVE-2022-44739) , Jun 07, 2024
Quick Restaurant Reservations (CVE-2022-29923) , Jun 07, 2024
Restaurant Reservations (CVE-2019-15819) , Jun 06, 2024
Restaurant Reservations (CVE-2024-1382) , Jun 06, 2024
Restaurant Reservations (CVE-2023-51403) , Jun 06, 2024
New vulnerability
Woo Product Feed For Marketing Channels (CVE-2025-31377) , Apr 10, 2025
Easy custom css by webriti (CVE-2025-31395) , Apr 10, 2025
Checkout Mestres WP (CVE-2025-32695) , Apr 10, 2025
Request Call Back (CVE-2025-32483) , Apr 10, 2025
QR Master (CVE-2025-32116) , Apr 10, 2025