Filtered by vendor Fivestarplugins
Subscribe
Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34017 | 1 Fivestarplugins | 1 Five Star Restaurant Menu | 2023-07-31 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FiveStarPlugins Five Star Restaurant Reservations plugin <= 2.6.7 versions. | |||||
| CVE-2021-25060 | 1 Fivestarplugins | 1 Five Star Business Profile And Schema | 2022-02-28 | 3.5 LOW | 5.4 MEDIUM |
| The Five Star Business Profile and Schema WordPress plugin before 2.1.7 does not have any authorisation and CSRF in its bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information AJAX action, allowing any authenticated users, such as subscribers, to call them. Furthermore, due to the lack of sanitisation, it also lead to Stored Cross-Site Scripting issues | |||||
| CVE-2021-24965 | 1 Fivestarplugins | 1 Five Star Restaurant Reservations | 2022-01-28 | 3.5 LOW | 5.4 MEDIUM |
| The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged in admins | |||||