The Five Star Restaurant Reservations WordPress plugin prior to 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged in admins
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fivestarplugins five star restaurant reservations |