The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not perform authorisation checks when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping, attackers could perform Cross-Site Scripting attacks against a logged-in admin viewing the failed payments.