cleantalk
Vulnerabilities and Security Researches

Five Star Restaurant Reservations – WordPress Booking Plugin, CVE-2022-0421

CVE, Research URL

CVE-2022-0421

Home page URL

Security reports for Five Star Restaurant Reservations – WordPress Booking Plugin

Application

Five Star Restaurant Reservations – WordPress Booking Plugin

Published on
Nov 21, 2022
Research Description
The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping, attackers could perform Cross-Site Scripting attacks against a logged in admin viewing the failed payments
Affected versions
Min -, max 2.4.12.
Status
vulnerable
Previous vulnerability researches
Quick Restaurant Reservations (CVE-2022-44739) , Jun 07, 2024
Quick Restaurant Reservations (CVE-2022-29923) , Jun 07, 2024
Restaurant Reservations (CVE-2019-15819) , Jun 06, 2024
Restaurant Reservations (CVE-2024-1382) , Jun 06, 2024
Restaurant Reservations (CVE-2023-51403) , Jun 06, 2024
New vulnerability
Woo Product Feed For Marketing Channels (CVE-2025-31377) , Apr 10, 2025
Easy custom css by webriti (CVE-2025-31395) , Apr 10, 2025
Checkout Mestres WP (CVE-2025-32695) , Apr 10, 2025
Request Call Back (CVE-2025-32483) , Apr 10, 2025
QR Master (CVE-2025-32116) , Apr 10, 2025