Vulnerabilities > Fivestarplugins > Five Star Restaurant Reservations > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-21 | CVE-2022-0421 | Improper Encoding or Escaping of Output vulnerability in Fivestarplugins Five Star Restaurant Reservations The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. | 6.1 |
| 2022-01-24 | CVE-2021-24965 | Unspecified vulnerability in Fivestarplugins Five Star Restaurant Reservations The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. | 5.4 |